The largest online platform for chess players said hackers gained access to customer information through a file transfer tool used by the company. 

In breach notifications submitted to regulators in Maine and Vermont, Chess.com explained that 4,541 people had personal information exposed to hackers who breached an unnamed file transfer application between June 5 and June 18. 

The incident was discovered by Chess.com on June 19 and federal law enforcement was immediately notified of the cyberattack. 

A spokesperson for Chess.com would not say what information was stolen or which file transfer tool was breached. Two popular brands of file transfer tools — Wing FTP and CrushFTP — reported severe vulnerabilities in July that needed to be patched by customers. 

“In June we became aware of unauthorized access to data stored in a third-party file transfer application used by Chess.com. Chess.com’s code was not compromised,” the spokesperson told Recorded Future News. 

“We have determined that the unauthorized actor acquired certain Chess.com data for fewer than 0.003% of users. No banking information or member accounts, including usernames and passwords, were disclosed as a result of this incident.”

Chess.com has existed since 2005 and is one of the world’s most popular platforms for playing chess — organizing 10 million games per day for more than 100 million registered users.  

No hacking group has taken credit for the incident and Chess.com told victims that they “have no indication that any of your impacted data has been shared publicly on any online sources.”