Chess.com Data Breach: Hackers Compromise External System and Achieve Internal Access

Online chess giant Chess.com has reported a data breach that compromised the personal information of 4,541 individuals, as disclosed in a filing with the Maine Attorney General’s Office. The cyber incident occurred on June 5, 2025, and was discovered nearly two weeks later on June 19, 2025. Chess.com confirmed that the breach resulted from an external hack, allowing attackers to gain unauthorized access to sensitive data. While the company reported that hackers obtained names and personal identifiers, it did not provide a comprehensive breakdown of all exposed data elements. The breach affected users across multiple regions, including one resident of Maine. In response, Chess.com began notifying impacted individuals on September 3, 2025, and is offering 12 months of complimentary identity theft protection services to help safeguard its community.

Elias Colabelli, Head of the Legal Department and Data Protection Officer at Chess.com, emphasised that the company is strengthening its systems to prevent similar incidents in the future. Although the number of affected users may seem low compared to other large-scale data breaches, this incident highlights that even major online platforms remain targets for cybercriminals. With over 150 million users worldwide, Chess.com holds a vast amount of personal data, making it an attractive target for hackers. Cybersecurity experts warn that breaches of this nature can lead to identity theft, phishing attempts, and further fraud if stolen data circulates on underground markets. Chess.com has not disclosed whether law enforcement is involved in the investigation and continues to work on tightening security protocols and monitoring its systems closely. Users are reminded to stay vigilant, monitor financial accounts, and be cautious of suspicious emails that could exploit stolen personal details. 

Categories: Data Breach, Cybersecurity Response, User Protection 

Tags: Chess.com, Data Breach, Personal Information, Cyber Incident, Unauthorized Access, Identity Theft, Security Protocols, Cybercriminals, Users, Notification