The world’s largest chess platform, Chess.com, has notified thousands of users of a compromise of their personal data following a breach of a third-party contractor responsible for information storage. The incident involved files transferred through an external file-sharing service used by the company and did not affect Chess.com’s own systems.
According to a notice sent to affected users and reported by Cybernews, unauthorized access was detected at the end of June. However, analysis revealed that the attack actually took place twice—on June 5 and June 18. The intruders gained access solely to documents stored in the external data transfer application. Neither Chess.com’s databases nor its codebase were compromised, and no evidence has been found of abuse or publication of the exposed materials.
A filing with the Maine Attorney General’s Office clarified that the incident impacted more than 4,500 individuals. While this accounts for just 0.003% of Chess.com’s total user base—which recently surpassed 200 million—the company deemed it necessary to take additional measures to mitigate risk.
Representatives of Chess.com emphasized that, immediately upon discovering the issue, the company launched an internal investigation and coordinated with law enforcement. The contractor restricted access, and the breach was contained. Simultaneously, Chess.com enhanced its security mechanisms and implemented new layers of oversight.
To minimize potential consequences, victims were offered free credit monitoring services through an external provider. Users were also strongly urged to remain vigilant and monitor their accounts and related services for any suspicious activity.
This is not the first time the platform has been targeted by cybercriminals. In 2023, a database containing information on more than 800,000 Chess.com members surfaced on a popular leak forum. That dataset included email addresses, user IDs, names, cities, ratings, subscription levels, registration dates, and other details tied to gameplay and community interactions.
