Chess.com Faces Second Data Leak; 476,000 Scraped User Records Leaked

Chess.com, an online platform for chess enthusiasts, has experienced multiple data breaches resulting in the exposure of user data. Hackers exploited the platform's API to extract publicly available user information, including names, usernames, email addresses, and profile pictures. Two separate incidents have occurred, with over 800,000 and 476,121 users affected, respectively. The leaked data poses a risk of identity theft and phishing attacks. The threat actors responsible claim to have acquired four more databases, potentially affecting over 1 million additional users. Chess.com has clarified that this is not a cyber attack, as its servers were not compromised. However, the inclusion of email addresses in the leaked data makes users vulnerable to various malicious activities. Web scraping, the method used by hackers to extract data from websites, is difficult to defend against, and even preventive measures such as rate limiting and captcha challenges can be overcome.