Chess.com Confirms Data Breach After Hackers Exploit External System

Chess.com, the world’s leading online chess platform, has confirmed a significant data breach that compromised personal information of thousands of users after hackers successfully exploited an external system connected to their network.

The Orem, Utah-based company disclosed that the security incident affected 4,541 individuals across the United States, including one Maine resident.

The breach occurred on June 5, 2025, but was not discovered by the company’s security team until June 19, 2025 – a two-week gap that highlights the sophisticated nature of the attack.

Breach Details

According to official breach notification documents filed with Maine’s Attorney General office, hackers gained unauthorized access through what the company describes as an “external system breach.”

This type of attack typically involves cybercriminals exploiting vulnerabilities in third-party systems or vendors that have connections to the main company network.

The compromised data included names and other personal identifiers, though Chess.com has not specified the exact types of additional information accessed.

The company’s Head of Legal Department, Elias Colabelli, submitted the breach notification on behalf of the organization, emphasizing the company’s commitment to transparency and regulatory compliance.

Chess.com took nearly three months to notify affected users, sending written notifications on September 3, 2025. This timeline falls within legal requirements but represents a significant delay from the discovery date.

To protect affected individuals, the company is offering 12 months of identity theft protection services at no cost.

These services typically include credit monitoring, identity restoration assistance, and fraud alerts to help users detect any misuse of their personal information.

This incident adds to growing concerns about cybersecurity in the gaming industry, where platforms store vast amounts of user data including personal information, payment details, and behavioral patterns.

Chess.com, which serves millions of chess enthusiasts worldwide, joins other major gaming platforms that have faced similar security challenges.

The company has not disclosed specific details about security improvements implemented following the breach discovery.

However, external system breaches often prompt organizations to strengthen vendor security requirements and implement additional monitoring systems.

Users are advised to remain vigilant for any suspicious activity related to their accounts and take advantage of the offered identity protection services.

The incident serves as a reminder of the ongoing cybersecurity threats facing online gaming platforms and the importance of robust security measures across all connected systems.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.