Chess.com has confirmed that cyber-attackers exploited a third-party file-transfer application, exposing personal details of 4,541 users—including at least one individual in Maine. The breach occurred on 5 June 2025, with a second intrusion on 18 June 2025, but came to light only on 19 June, when an internal investigation began. Chess.com breach exposes personal data of 4,541 users remained unnoticed until that date.
Chess.com operates from Orem, Utah, and has assured users that its own infrastructure and account systems were not compromised; only the external file-transfer tool was affected. No financial credentials, passwords, or login data were exposed. The data scraped included users’ names and unspecified personal identifiers—not detailed categories such as account credentials.
The company began sending written notifications to affected individuals on 3 September 2025, in compliance with data-security regulations. Maine authorities received formal notification, and federal law enforcement was also informed. Chess.com is offering one year of complimentary identity-protection services via IDX, which include credit monitoring, cyber-scan monitoring and identity-theft recovery; enrolment must be completed by 3 December 2025.
Chess.com engaged external cybersecurity experts to contain the breach and secure its systems post-incident. The company urged affected users to remain alert for phishing attempts, monitor financial statements and credit activity, and take advantage of the protection services offered.
Follow Arabian Post
Select Arabian Post as your preferred source on Google and MSN News for trusted business news and Arab politics and updates.
