Chess.com Reports a Latest File Transfer App Data Breach
Chess.com Reports a Latest File Transfer App Data Breach
Threat actors had unlawful access to a third-party file transfer tool that Chess.com uses, leading the website to reveal a data breach.
The threat actors had access to the aforementioned application for two weeks, from June 5 to June 18, during the June 2025 incident.
After learning of the breach on June 19, 2025, Chess.com began an investigation to ascertain its extent and consequences.
“On June 19, 2025, Chess.com became aware of potential unauthorized access to data stored in a third-party file transfer application used by Chess.com,” the notice given to affected customers said.
“Upon becoming aware of the incident, we started an investigation, retained leading experts, notified federal law enforcement, and began taking measures to address the incident.”
The study found that little over 4,500 people, or a very tiny portion of the platform’s enormous 100 million members, are impacted by the incident.
One of the biggest online chess portals in the world, Chess.com, serves as both a social networking site for chess enthusiasts and a platform for holding matches.
The platform has made it clear that its own infrastructure and user accounts were unharmed by the event; it only had an impact on the unidentified third-party app.
However, names and other personally identifiable information (PII) not included in the sample notices Chess.com sent to the authorities are among the data that might have been accessed.
Moreover, Chess.com stated that no financial data has been made public and that there is currently no proof that the stolen data has been misused or made public.
According to the platform, it has alerted law enforcement and taken other precautions to secure its systems. Additionally, it provides affected members with free credit monitoring and identity theft protection for one to two years.
While recipients of the letter have until December 3, 2025, to sign up for the services, it is advised that they do it as soon as possible.
Chess.com experienced another cyber incident in November 2023, when an API weakness allowed over 800,000 user records to be scraped from the website and then shared on a hacker forum.
According to HaveIBeenPwned, the data that was made public in that instance included usernames, full names, email addresses, and geographic areas.
News4Hackers has reached out to Chess.com to inquire about the kinds of data that were compromised and the identity of the compromised third party; however, we have yet to receive a response.
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.
Read More:
Android Phones are at a Hacking Risk Over Millions of Devices in India: Update Your Device
About Author
English