Chess.com is a very popular service that allows people to play chess online, as well as providing a community forum and news section to keep players up to date with the latest chess news. It has over 100 million users and millions of games are played every day. For example, currently, the counter at the top of the site shows that around 20 million games have been played today, with nearly 200,000 people online at the same time. Now, the platform has disclosed a data breach affecting some players.

According to Bleeping Computer, Chess.com has issued a notice to some customers, informing them that its services have been indirectly affected by a data breach of a third-party file transfer application used by the platform. The incident occurred between June 5 and June 18 this year, with the company discovering the data breach on June 19.
Chess.com immediately notified relevant law enforcement authorities and engaged security experts to assess the scope of the breach and contain it. While the process was successful, the data of nearly 4,500 users was still exposed. These breaches may have included personally identifiable information (PII), but no financial data was captured.
For a platform with 100 million users, 4,500 users may sound small, as this only accounts for 0.0045% of its users. However, the service still provides affected users with identity theft and credit monitoring for several years. Affected users have until December 3, 2025 to sign up for these free services.
Chess.com emphasized that only the third-party file transfer application it used was affected; its own infrastructure remains robust and unaffected. It's unclear which app was compromised, but it's reassuring to know that the stolen data has not yet been discovered online or misused by malicious actors.