The Chess.com Data Breach


♟️ The Breach Breakdown
Scope: Exactly 4,541 users were affected (roughly 0.003% of their 150 million members).
The Cause: It wasn't a direct hack of Chess.com’s servers. Instead, hackers exploited a vulnerability in a third-party file transfer tool the company used.
Timeline: The unauthorized access occurred between June 5 and June 18, 2025, and was discovered on June 19.

🛡️ What Data Was Involved?
The good news is that the "crown jewels" remained safe.

Safe: No banking information, credit card details, or account passwords were compromised.
Exposed: The breach included names and other personal identifiers (PII) that were stored within that specific file transfer tool.

📢 The Response
Chess.com notified the affected individuals starting in early September 2025. They offered those users:

12 to 24 months of free identity protection and credit monitoring.
Assurance that their core systems and source code remained uncompromised.

Is this related to the 2023 leak?
You might also be thinking of the November 2023 incident, which was much larger. In that case, an API flaw allowed "scrapers" to gather data on over 800,000 accounts (including usernames, emails, and locations).

Peer-to-Peer Tip: If you were one of the 4.5k affected in 2025, you should have received a direct email or letter. If you didn't, you’re likely in the clear! It's still a good idea to use Two-Factor Authentication (2FA) just to keep your Elo (and your data) locked down.

Subscribe To @AyDevious On YouTube!

I Guide Chess.com Users To Success On The Chess.com Platform. If You Would Like To Support Me, I Would Greatly Appreciate It If You Always Look At My Blogs When I Post Them Or Subscribe To Me On YouTube - @AyDevious