VERIFIEDBy Xavier Rivera· ·2 min read
French Government Tchap Messaging Service Breached
DINUM warned that hackers breached the French government's Tchap messaging platform using a hijacked user account detected by ANSSI on Sunday. The incident raises concerns over potential exposure of personal data from public chat rooms that are not encrypted.
Source:BleepingComputer
TL;DRAI · 60 sec read
Developing storymonitoring for updates
This story is still unfolding. Confirmed developments will appear here.
Hackers breached Tchap, the French government's encrypted messaging platform, by hijacking a user account.
DINUM confirms account hijacking breach. DINUM, the digital affairs directorate of the French government, warned that hackers used a hijacked user account to breach Tchap. ANSSI, the French Cybersecurity Agency, detected the breach on Sunday. DINUM revealed the incident on Monday and alerted France's data protection authority, the CNIL, due to potential exposure of personal data.
DINUM confirms account hijacking breach. DINUM, the digital affairs directorate of the French government, warned that hackers used a hijacked user account to breach Tchap. ANSSI, the French Cybersecurity Agency, detected the breach on Sunday. DINUM revealed the incident on Monday and alerted France's data protection authority, the CNIL, due to potential exposure of personal data.
DINUM sent a message to all Tchap users reminding them that public chat rooms are accessible to any user and their content is not encrypted.
The account originating the malicious requests has been identified and immediately blocked. An investigation continues, including analysis of event logs to identify accessed conversations and the nature of exfiltrated data. DINUM sent a message to all Tchap users reminding them that public chat rooms are accessible to any user and their content is not encrypted.
Tchap built for French public sector use. Developed in-house by DINUM in collaboration with ANSSI in 2018, Tchap is an instant messaging service and collaboration tool based on the decentralized Matrix protocol. It is designed exclusively for the French public sector. Prime Minister François Bayrou mandated its use and banned foreign apps for work communications for all civil servants in early August 2025.
Tchap has now reached over 300,000 monthly users. It has over 500,000 downloads on Google's Play Store.
Tchap built for French public sector use. Developed in-house by DINUM in collaboration with ANSSI in 2018, Tchap is an instant messaging service and collaboration tool based on the decentralized Matrix protocol. It is designed exclusively for the French public sector. Prime Minister François Bayrou mandated its use and banned foreign apps for work communications for all civil servants in early August 2025.
Tchap has now reached over 300,000 monthly users. It has over 500,000 downloads on Google's Play Store.
They added that every file ever shared on Tchap on any shard is downloadable without a token, with media IDs coming from the messages.
Threat actor claims responsibility with data samples. A threat actor claimed responsibility for the incident over the weekend and shared a sample of stolen files. They said they gained access following a social engineering attack on a valid account on the education shard at matrix.agent.education.tchap.gouv.fr. The actor claimed to have stolen hardcoded LDAP credentials allegedly leaked via a PowerShell script shared by a French tax authority regional director.
They also claimed to have stolen over 13.5GB of documents and media files shared by public servants. The actors allegedly scraped nearly 650,000 messages and information on over 73,000 accounts, including email addresses, organization information, meeting links, and account and device metadata. They added that every file ever shared on Tchap on any shard is downloadable without a token, with media IDs coming from the messages.
Public rooms restricted for sensitive data. In accordance with Tchap's terms of service, no personal, sensitive, or confidential information should be exchanged in public chat rooms. Such exchanges should be reserved for private chat rooms. DINUM has not shared any further details regarding the breach. BleepingComputer reached out to DINUM with questions, but a response was not immediately available.
They also claimed to have stolen over 13.5GB of documents and media files shared by public servants. The actors allegedly scraped nearly 650,000 messages and information on over 73,000 accounts, including email addresses, organization information, meeting links, and account and device metadata. They added that every file ever shared on Tchap on any shard is downloadable without a token, with media IDs coming from the messages.
Public rooms restricted for sensitive data. In accordance with Tchap's terms of service, no personal, sensitive, or confidential information should be exchanged in public chat rooms. Such exchanges should be reserved for private chat rooms. DINUM has not shared any further details regarding the breach. BleepingComputer reached out to DINUM with questions, but a response was not immediately available.
Why this mattersAI · ~100 words
Tap a lens to see what this story means for you.
Reader-supported
Reader-supported · Daily Brief
Daily brief at 7 AM ET. Top tech stories, every morning. Sourced and fact-checked.
HELP US IMPROVE
Reader-supported
The Circuitry is a passion project I've always wanted to build, and I love the work behind it.
Running it costs real money. APIs, hosting, time. To keep improving the site and growing this into something useful for everyone, those costs have to be covered.
Any contribution is appreciated. If not, no pressure. Thanks for reading.