Chess.com Announces Data Breach Through File Transfer Application

Chess.com Announces Data Breach Through File Transfer Application

On June 19, 2025, Chess.com detected unauthorized access to a third-party file transfer application used by the platform. The intrusion lasted for two weeks (June 5–18) before being discovered.

📢 Key Details

• Impact: ~4,500 users (out of 100M total members).
• Data accessed: Names + limited PII (no financial info).
• Exposure: No evidence yet of stolen data being leaked or misused.
• Response: Law enforcement notified, enhanced security measures applied.
• Support: Affected users receive 1–2 years free identity theft and credit monitoring (must enroll by Dec 3, 2025).

⚖️ Context

This isn’t the first incident for Chess.com. In Nov 2023, over 800,000 user records were scraped via an API flaw and later leaked online.

🔒 Lessons Learned

Even platforms outside traditional finance or healthcare can be attractive targets. Third-party applications often pose hidden risks to user privacy and security.

At Alcaeus Services, we help organizations strengthen their third-party risk management, detect breaches more quickly, and protect user trust.