France is probing a breach of its Tchap government messaging platform after a hijacked account accessed public chat rooms. Officials say encrypted chats were not exposed, while an alleged hacker claims far broader access. The extent of the compromise is still unclear.
French authorities are investigating a security breach of Tchap, the government’s secure messaging platform, after hackers hijacked a user account and accessed public chat rooms. The intrusion, detected on June 7 by national cybersecurity agency ANSSI, prompted an immediate investigation by the Interministerial Directorate for Digital Affairs (DINUM) to determine how the account was compromised and what information may have been exposed. Officials said the malicious account was quickly blocked and emphasized that private, end‑to‑end encrypted conversations were not affected, limiting exposure to public, non‑encrypted chat rooms.
An individual claiming responsibility has alleged a far more extensive compromise, including tens of thousands of user accounts, hundreds of thousands of messages, media files, and references to restricted‑distribution documents. The attacker claims access was gained through social engineering of an account linked to Tchap’s education environment, though none of these assertions have been independently verified. DINUM has notified France’s data protection authority, CNIL, due to the potential exposure of personal data shared in public rooms and reminded users that public conversations on Tchap are accessible to all platform members and are not encrypted. The full scope of the breach remains under investigation.
