France’s government-only messaging app Tchap has been breached, with an alleged hacker saying 650,000 messages and 73,000 accounts were exposed.
French officials confirmed that the encrypted platform used by public-sector workers was accessed during a June 7 security incident. They said private chats remained protected, but investigators are still reviewing what the attacker could reach.
Public rooms are central to the official explanation, and those spaces were never meant for sensitive exchanges.
Officials move to contain the account hijack
The breach began on June 7, when a Tchap user account was hijacked, according to France’s digital affairs directorate, known as DINUM. ANSSI, the country’s national cybersecurity agency, helped analyze the incident as government teams worked to verify what happened.
The agency traced the malicious requests to one account.
“At this stage, the account originating the malicious requests has been identified,” DINUM said. “It was immediately blocked to remove the attacker’s persistent access and allow for a thorough analysis of the data they were able to access.”
Investigators are now reviewing event logs to determine which conversations were accessible and what information may have been taken. France’s data protection authority, CNIL, was also notified because personal data shared in affected conversations may have been compromised.
Messages, accounts, and rooms may have been exposed
A threat actor using the handle “misere” attributed the access to social engineering of a valid account tied to Tchap’s education environment, matrix.agent.education.tchap.gouv.fr.
Claimed exposed data included:
- 643,459 messages
- 73,467 user accounts
- 876 rooms with message history
- 59,386 media files
The material listed in the post also included names, government email addresses, organization information, meeting links, account and device metadata, and shared files.
Seb Latombe, a French cybersecurity and data breach analyst who founded FrenchBreaches, said timestamps in the published samples suggest the data could span from June 2023 to June 2026. He also said media files could allegedly be matched to message lines, making it easier to trace who sent specific files.
DINUM has not confirmed the attacker’s figures, and the full data claim has not been independently verified.
Public Tchap rooms were open by design
DINUM separated Tchap’s private conversations from its public rooms. Private chats are encrypted, and even after account hijacking, their message history is not accessible, according to the agency.
Public rooms, however, are treated differently.
“A public chat room can be found and joined by any user and its content is not encrypted,” DINUM said in its notice to users.
The agency reminded users that personal, sensitive, or confidential information should not be exchanged in public rooms. Tchap has more than 300,000 monthly users, giving the breach wider significance after French officials moved civil servants toward the platform and away from foreign messaging apps for work.