- Chess.com reveals June 2025 Cyberattack that exposed data from 4,541 users
- Hackers utilized a vulnerable third -party file transfer tool; Core systems were not broken
- No login or payment data was stolen; Victims get free identity theft and credit monitoring
Chess.com, the largest and most popular chess game online platform, has confirmed to suffer a cyberattack where it lost sensitive information on a small fragment of its user base.
In a message of violation of data filed with Maine Attorney General’s Office, the company said the incident took place on June 5 and was discovered about two weeks later, June 19.
In total, 4,541 people were exposed to 200 million+ of Chess.com’s registered users.
Infrastructure intact
The hackers not named in the report managed to steal the data through a third -party -managed file transfer tool used.
The company would not say which it was but Recorded future news Found two popular brands of file transfer tools – Wing FTP and Crushftp, both reported “serious vulnerabilities” in July 2025, which customers were encouraged to patch.
The company also emphasized that its code and infrastructure remained intact and that so far there was no evidence that the stolen files were abused in nature.
It is not known what kind of information they stole, except for people’s names – when Chess.com only confirmed bank information and login information was not compromised.
So far, no responsibility for the attack assumed.
Chess.com did what most companies do in the wake of a cyberattack – hired a third -party cyber security team, launched a study, informed relevant authorities and warned affected persons. It also offers free identity theft and credit monitoring for the victims.
The platform was founded in 2007 and has since grown to become the biggest place for chess lovers. In addition to gameplay, Chess has a huge social component: Players can participate in clubs, chat and follow streamers or grandmothers. The platform has apps for web, iOS and Android and offers a mix of casual games, training tools and professional broadcasts.
Via Bleeping computer
