France is investigating a security incident involving its government-backed messaging platform Tchap after attackers allegedly accessed data linked to more than 73,000 user accounts.
Quick Summary – TLDR:
- Tchap, France’s government messaging platform, suffered a security breach linked to a compromised user account.
- More than 73,000 user accounts and roughly 643,000 messages were allegedly exposed.
- French authorities say private encrypted conversations remain protected.
- The incident has triggered an investigation involving DINUM, ANSSI, and France’s data protection authority CNIL.
What Happened?
French authorities have confirmed a security breach affecting Tchap, the messaging application used by public sector workers and civil servants across the country. The incident was detected on June 7 after attackers gained access to the platform through a compromised user account.
Officials say the intrusion primarily affected data shared in public chat rooms, while encrypted private conversations remained secure. Investigators are now examining the scope of the breach and the information that may have been accessed.
🇫🇷 🚨 Alleged Data Leak of Tchap
— ThreatMon (@MonThreat) June 8, 2026
A threat actor claims to have compromised Tchap, the official messaging platform used by French government agencies, and to have obtained approximately 13.5 GB of internal data spanning nearly three years of communications. According to the post,… pic.twitter.com/gDEZXZ24wE
Attack Linked to Compromised User Account
According to France’s digital affairs directorate, DINUM, the breach began when a valid Tchap account was hijacked and used to make unauthorized requests across the platform. The account responsible for the activity was identified and blocked shortly after the incident was discovered.
France’s cybersecurity agency ANSSI joined the investigation and is helping analyze logs and platform activity to determine exactly what information was exposed. Authorities also notified CNIL, the country’s data protection regulator, because personal information may have been accessed during the incident.
DINUM stated that the compromised account’s access was immediately revoked to prevent further activity and support a detailed review of the affected systems.
Hacker Claims Massive Data Theft
A threat actor using the nickname “misere” has claimed responsibility for the breach. According to posts circulating online, the attacker allegedly gained access through a social engineering operation targeting a legitimate user account connected to Tchap’s education environment.
The threat actor claims to have obtained approximately 13 to 13.5 GB of data, including:
- 73,467 user accounts
- 643,459 messages
- 876 chat rooms with message history
- 59,386 shared media files
- Government email addresses
- Organization details
- Meeting links
- Account and device metadata
The attacker also claimed to have discovered hardcoded LDAP credentials exposed through a PowerShell script. French authorities have not independently verified all of these claims.
Public Chat Rooms Became the Weak Point
A key detail in the investigation is the distinction between Tchap’s private and public communication spaces.
Officials emphasized that private conversations on Tchap are encrypted, preventing attackers from accessing message content even after the account compromise. However, public rooms operate differently.
By design, public chat rooms can be joined by any authorized Tchap user, and messages shared there are not encrypted. Because of this structure, attackers were reportedly able to collect information from public discussions, including user names, email addresses, profile images, and the government organizations where users work.
DINUM said fewer than 9 percent of Tchap’s registered users were affected by the incident.
A Critical Platform for French Government Communications
Launched in 2018 through a collaboration between DINUM and ANSSI, Tchap was created as a sovereign communication platform for French public sector employees. The service is built on the Matrix protocol and was designed to reduce reliance on foreign messaging applications for official government communications.
The platform’s importance has grown significantly in recent years. After becoming the default workplace messaging application for civil servants in 2025, Tchap expanded to more than 300,000 monthly active users and accumulated over 500,000 downloads on Google Play.
The scale of adoption means that even a limited breach has raised concerns about data security across France’s public administration systems.
Investigation Continues
Authorities are continuing to review logs and forensic evidence to determine exactly what data was accessed and whether any information has been misused. Investigators are also assessing the threat actor’s claims regarding the volume of stolen messages, files, and account information.
While officials maintain that encrypted private communications remain secure, the incident highlights the risks posed by compromised accounts and social engineering attacks, even within platforms specifically designed for government use.
SQ Magazine Takeaway
I think this incident is a reminder that even government built communication platforms are only as secure as the accounts that access them. The fact that encrypted private chats appear to have remained protected is encouraging, but the exposure of tens of thousands of user accounts and hundreds of thousands of messages shows how damaging a single compromised account can be. As governments around the world push for sovereign digital tools, strong identity protection and account security remain just as important as encryption itself.
