Back

Breach of France's Tchap Messaging Service Exposes Sensitive Data

Severity: High (Score: 64.2)

Sources: www.numerique.gouv.fr, Engadget, Feeds2.Feedburner, Thenextweb, Theregister

Published: 2026-06-09 · Updated: 2026-06-10

Keywords: french, messaging, account, government, compromise, platform, breach

Severity indicators: pla, breach, government

Summary

On June 7, 2026, the French government's encrypted messaging platform Tchap was breached due to an account hijacking. The attack was executed through social engineering, compromising a user account linked to Tchap's education environment. The attacker claims to have accessed data from approximately 73,000 state agents, including 643,000 messages and nearly 60,000 files, totaling about 13.5 GB of data. French authorities, including the National Cybersecurity Agency (ANSSI) and the Digital Affairs Directorate (DINUM), are investigating the incident and have blocked the compromised account. While DINUM asserts that private conversations remain secure due to encryption, the attacker claims broader access, raising concerns about the true extent of the breach. The incident has been reported to France's data protection authority, CNIL, due to potential exposure of personal data. Investigations are ongoing to ascertain the full impact and nature of the data accessed. Key Points: • Tchap, the French government messaging platform, was breached via account hijacking. • The attacker claims to have accessed data from 73,000 accounts and 643,000 messages. • DINUM insists that private conversations remain secure, but the attacker disputes this.

Detailed Analysis

**Impact** Approximately 73,000 French state agents’ accounts were potentially affected, representing under 9% of Tchap’s 825,000 users. The attacker claims to have accessed roughly 643,000 messages, nearly 60,000 files totaling about 13.5 GB, and hundreds of chat rooms, including references to restricted government documents marked "Diffusion Restreinte." The breach impacts civil servants across ministries and public agencies in France, potentially exposing personal data such as names, emails, organizational information, meeting links, and device metadata. Operationally, the incident risks undermining trust in France’s sovereign messaging infrastructure designed to replace foreign platforms. **Technical Details** The attacker gained access through social engineering targeting a valid user account on Tchap’s education environment, hijacking credentials rather than exploiting system vulnerabilities or encryption flaws. Tchap is based on the decentralized Matrix protocol with end-to-end encryption for private chats, but public chat rooms are unencrypted and accessible to all authenticated users. The attacker leveraged user enumeration via a directory function and exploited the ability to download all shared files without token restrictions. The compromised account was identified and blocked; no malware, CVEs, or additional tools were publicly reported. **Recommended Response** Immediately block and monitor compromised accounts and conduct thorough log analysis to identify accessed data and lateral movement. Enforce strict user education on avoiding social engineering and restrict sensitive information sharing to encrypted private chats only. Harden access controls on directory and media retrieval functions to prevent enumeration and unauthorized downloads. Continue coordination with CNIL for data protection compliance and monitor for any indicators of further compromise or data exfiltration attempts.

Source articles (9)

  • French govt messaging service breached in account hijacking attack — Bleepingcomputer · 2026-06-09
    DINUM, the digital affairs directorate of the French government, warned that hackers used a hijacked user account to breach Tchap, the French government's encrypted messaging platform. Developed in-ho…
  • France probes compromise of gov messaging platform after account hijack — Theregister · 2026-06-09
    Authorities say the breach only exposed public chat rooms, but alleged attacker claims to have accessed far more data French officials are investigating a compromise of the government’s encrypted mess…
  • French government messaging platform breached through account hijacking — Feeds2.Feedburner · 2026-06-09
    French authorities are investigating a compromise of Tchap, the government’s secure messaging platform, after hackers hijacked a user account and gained access to public chat rooms. Tchap is the Frenc…
  • The French government's internal messaging service was compromised in a security breach — Engadget · 2026-06-09
    A threat actor has since claimed responsibility for the attack on the encrypted Tchap platform. The French government's in-house messaging service, Tchap, has been breached in a cyber attack. On June…
  • France's sovereign messenger Tchap hit by account breach — Thenextweb · 2026-06-09
    France built its own encrypted messenger so civil servants would not have to trust WhatsApp or Telegram. Now that messenger has been breached, and the government and the attacker cannot agree on how m…
  • French government messaging platform Tchap breached via hijacked account — Scworld · 2026-06-09
    Hackers gained unauthorized access to Tchap, the French government's secure messaging platform, by exploiting a compromised user account. The breach was detected by the French Cybersecurity Agency (AN…
  • France’s Government Messaging App Tchap Got Breached — Securityaffairs.Co · 2026-06-10
    France’s government chat app Tchap was breached after a single account was compromised, exposing messages and data from public channels. Tchap, the encrypted messaging platform developed by the French…
  • French Government’s Tchap Messaging Platform Breached via Compromised Account — Thecyberexpress · 2026-06-10
    French authorities are investigating a security incident involving Tchap, the encrypted messaging platform used by the French government, after attackers reportedly gained access through a compromised…
  • French government — www.numerique.gouv.fr · 2026-06-10
    Le 7 juin 2026, un compte utilisateur de Tchap, la messagerie instantanée chiffrée de l’État, a été compromis à la suite d'une usurpation de compte, un incident signalé et analysé en coordination avec…

Timeline

  • 2026-06-07 — Breach detected: ANSSI detected suspicious activity on Tchap, leading to an investigation by DINUM.
  • 2026-06-09 — Public announcement of breach: DINUM confirmed the breach and alerted users about the compromised account and potential data exposure.
  • 2026-06-09 — Investigation ongoing: DINUM and ANSSI continue to analyze logs to determine the extent of the data accessed and any potential exfiltration.

Related entities

  • Data Breach (Attack Type)
  • Anssi (Company)
  • ANTS (Company)
  • CNIL (Company)
  • Dinum (Company)
  • French Government (Company)
  • France (Country)
  • CWE-200 - Exposure of Sensitive Information (Cwe)
  • CWE-798 - Use of Hard-coded Credentials (Cwe)
  • matrix.agent.education.tchap.gouv.fr (Domain)
  • Government (Industry)
  • T1041 - Exfiltration Over C2 Channel (Mitre Attack)
  • T1059.001 - PowerShell (Mitre Attack)
  • T1078 - Valid Accounts (Mitre Attack)
  • T1087 - Account Discovery (Mitre Attack)
  • T1552.001 - Credentials In Files (Mitre Attack)
  • T1566 - Phishing (Mitre Attack)
  • Matrix Protocol (Platform)
  • Tchap (Platform)
  • PowerShell (Tool)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed