Chess.com has confirmed a data breach after attackers gained unauthorized access to a third-party file transfer tool used by the platform. The breach occurred between June 5 and June 18, 2025, and was discovered on June 19.
Following the discovery, Chess.com launched an investigation, brought in cybersecurity experts, and notified federal authorities. The breach affected just over 4,500 users, less than 0.005% of its 100 million-member base.
The company clarified that its own systems and user accounts were not compromised. However, the exposed data may include names and other personal details, though no financial information was involved. There’s currently no evidence that the stolen data has been misused or made public.
To support affected users, Chess.com is offering up to two years of free identity theft and credit monitoring. Users have until December 3, 2025, to enroll.
This incident follows a previous breach in November 2023, when over 800,000 user records were scraped via an API flaw and leaked online. That data included emails, full names, usernames, and locations.
Chess.com has yet to disclose the name of the third-party service involved in the latest breach.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
