A threat actor operating under the alias ‘DrOne’ has taken responsibility for leaking the scraped database of Chess.com, a widely popular online platform for chess enthusiasts and social networking. The breach, disclosed on November 8th, 2023, on Breach Forums, exposes personal data from over 800,000 registered users, raising cybersecurity alarms within the online chess community.
Chess.com, boasting a massive user base of 150 million as of 2023, faces a breach affecting approximately 0.533% of its total users. The leaked data, including full names, usernames, profile links, email addresses, users’ originating countries, avatar URLs, Universally Unique Identifier (UUID), User IDs, and registration dates, was unveiled after a comprehensive scan by Hackread.com.
While the leaked data doesn’t include passwords, the revelation that almost every email address prompted a message ‘An account already exists with this email address’ upon attempting to sign up suggests the presence of valid and active email addresses associated with existing Chess.com accounts.
Web scraping, an automated process for data extraction from websites, is employed by software to gather specific information from web pages. Large websites like Chess.com employ various measures to prevent scraping, but hackers continuously develop new techniques to circumvent these measures.
This incident is not Chess.com’s first encounter with cybersecurity issues. In February 2021, ethical hacker Sam Curry identified and reported a critical vulnerability that could potentially grant access to any account on the platform, including the administrator account.
The breached data poses a tangible threat, potentially facilitating identity theft, phishing scams, or social engineering attacks. Users are strongly advised to change their passwords not only on Chess.com but also on any other online accounts using the same password. As cybercriminals may deploy phishing tactics, users should exercise caution regarding emails with links leading to potential malicious websites mimicking Chess.com or other legitimate platforms.
In light of this breach, Chess.com users are urged to remain vigilant and adopt security measures to protect their personal information from potential misuse. As the platform addresses this breach, users are reminded to exercise caution online and stay informed about cybersecurity best practices.
