DINUM, the digital affairs directorate of the French government, warned that hackers used a hijacked user account to breach Tchap, the French government's encrypted messaging platform.
Developed in-house by DINUM in collaboration with ANSSI (the French Cybersecurity Agency) in 2018, Tchap is an instant messaging service and collaboration tool based on the decentralized Matrix protocol, designed exclusively for the French public sector.
Tchap has now reached over 300,000 monthly users and over 500,000 downloads on Google's Play Store after Prime Minister François Bayrou mandated the use of Tchap and banned foreign apps for work communications for all civil servants in early August 2025.
DINUM revealed on Monday that ANSSI detected a Tchap breach on Sunday and said that a threat actor gained access to the secure instant messaging platform using a compromised user account.
The French digital affairs directorate has also alerted France's data protection authority, the CNIL, to the incident due to the potential exposure of personal data shared by some users in conversations that the attacker could access. It has also alerted all Tchap users, reminding them that public chat rooms are accessible to any user and are not encrypted.
"At this stage, the account originating the malicious requests has been identified. It was immediately blocked to remove the attacker's persistent access and allow for a thorough analysis of the data they were able to access. The investigation continues, including the study of event logs, to identify the conversations that the attacker was able to access and the nature of the exfiltrated data," DINUM said in a Monday press release.
"A message has been sent to all Tchap users reminding them that a public chat room can be found and joined by any user and that its content is not encrypted. In accordance with Tchap's terms of service, no personal, sensitive, or confidential information should be exchanged in public chat rooms: such exchanges should be reserved for private chat rooms."
While DINUM has not shared any further details regarding this breach, a threat actor claimed responsibility for the incident over the weekend, shared a sample of stolen files, and said they gained access to the platform following a social engineering attack.
Tchap breach claims (ThreatMon)
"I social engineered a valid account on the education shard (matrix.agent.education.tchap.gouv.fr). Everything below is what that one account could reach, other shards will have more," they said.