France's Tchap Messaging Platform Breached by Hijacked Account
Authorities blocked the compromised account and opened a forensic investigation to determine what public chat content was exposed.
Overview
- France’s cybersecurity agency ANSSI detected the intrusion on June 7 and DINUM identified and immediately blocked the hijacked user account used to access Tchap.
- Officials say the attacker’s access was limited to public chat rooms that are not end‑to‑end encrypted and that private, encrypted conversations should remain secure.
- An individual posting online claimed to have taken roughly 73,000 accounts, 643,000 messages and about 13.5 GB of media but French authorities have not verified those figures.
- DINUM has notified CNIL, alerted all Tchap users about the public-room exposure risk, and is analyzing event logs to map which conversations and files the account could reach.
- Tchap is a state-managed platform made mandatory for civil servants in 2025, which increased its user base and makes the investigation important for government operations and personal data protection.