Not quite checkmate yet - thousands of Chess.com fans may have had details stolen in cyberattack, here's what we know

News
By published

Third-party file transfer tool exploit puts Chess.com users at risk

Chess.com
(Image credit: Chess.com)
  • Chess.com discloses June 2025 cyberattack which exposed data of 4,541 users
  • Hackers exploited a vulnerable third-party file transfer tool; core systems weren’t breached
  • No logins or payment data were stolen; victims get free identity theft and credit monitoring

Chess.com, the biggest and most popular chess game online platform, has confirmed suffering a cyberattack in which it lost sensitive information on a small fragment of its user base.

In a data breach notification filed with the Maine Attorney General’s Office, the company said the incident occurred on June 5, and was spotted roughly two weeks later, on June 19.

In total, 4,541 people were exposed, out of 200 million+ of Chess.com’s registered users.

Infrastructure intact

The hackers, who weren’t named in the report, managed to steal the data through a third-party managed file transfer tool Chess.com used.

The company did not want to say which one it was, but Recorded Future News found two popular brands of file transfer tools - Wing FTP and CrushFTP, both reporting “severe vulnerabilities” in July 2025, which the customers were urged to patch.

The company also stressed that its code and infrastructure remained intact, and that so far there was no evidence that the stolen files were abused in the wild.

It's not known what kind of information they stole, apart from people’s names - as Chess.com only confirmed banking information and login details were not compromised.

So far, no one claimed responsibility for the attack.

Chess.com did what most companies do in the aftermath of a cyberattack - hired a third-party cybersecurity team, launched an investigation, notified relevant authorities, and alerted affected individuals. It is also offering free identity theft and credit monitoring for the victims.

The platform was founded in 2007 and has since grown to become the number one place for Chess lovers. Beyond gameplay, Chess has a huge social component: players can join clubs, chat, and follow streamers or grandmasters. The platform has apps for web, iOS, and Android, and offers a mix of casual play, training tools, and professional broadcasts.

Via BleepingComputer

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.