A security breach at Chess.com, a widely used online chess platform, has exposed the personal data of over 800,000 users. The breach was disclosed after a threat actor named ‘DrOne’ leaked the scraped database on Breach Forums, a notorious cybercriminal hub.
While the compromised information did not include passwords, the exposed data, including full names, usernames, email addresses, and user IDs, poses a significant risk for phishing scams, identity theft, and social engineering attacks. This incident, which impacts approximately 0.533% of Chess.com’s user base of more than 150 million, highlights the ongoing challenge of preventing web scraping, especially for large platforms.
The leaked information, shared on Breach Forums, revealed details such as full names, usernames, email addresses, countries of origin, avatar URLs, universally unique identifiers (UUID), user IDs, and registration dates.
Despite the absence of passwords, the validity and activity status of the email addresses increase the risk of misuse. Web scraping, the likely method used in this attack, remains challenging to prevent for large platforms like Chess.com, which calls for continuous improvement in cybersecurity defenses. This incident underlines the ongoing threat and the need for users to adopt robust cybersecurity practices.
Chess.com has faced previous cybersecurity challenges, with an ethical hacker identifying a critical vulnerability in February 2021. In response to this latest breach, Chess.com users are strongly advised to change passwords not only on the platform but also across other services where the same password may be used.
Additionally, users should exercise caution with emails containing links, verifying URLs to avoid falling victim to phishing scams. The incident underscores the crucial role of robust cybersecurity measures and user vigilance in safeguarding personal information online.