France probes compromise of gov messaging platform after account hijack

French officials are investigating a compromise of the government’s encrypted messaging service Tchap after attackers hijacked an account and gained access to public chat rooms.

The incident came to light on June 7 when France's National Cybersecurity Agency (ANSSI) detected suspicious activity on Tchap, the government's homegrown messaging service used across ministries and public sector organizations. The French Digital Affairs Directorate (DINUM), which operates the platform, said it immediately began investigating the compromise and moved to block the affected account.

French officials insist the damage was limited and said the attacker could only see messages posted in public chat rooms, which are accessible to all Tchap users. Private conversations, the government says, are encrypted, and their contents remain inaccessible even when an account is compromised.

Not everyone is buying that version of events.

A cyber criminal has claimed responsibility for the attack and said they were able to gain access after they “social engineered” a valid agent account associated with Tchap's education environment.

The alleged hacker claims they accessed more than 73,000 user accounts, 643,000 messages, nearly 60,000 media files, and hundreds of chat rooms. The post, shared by Dark Web Intelligence, also claimed user enumeration was possible through a directory search function and suggested the data included references to documents marked "Diffusion Restreinte," a French government restricted-distribution classification.

None of those claims have been independently verified, and DINUM's statement makes no mention of user directory exposure, restricted documents, or the volumes of data cited by the hacker.

What French officials have confirmed is that investigators are still working through logs to determine exactly which conversations were accessed and whether any data was exfiltrated. The agency has also notified France's data protection watchdog, CNIL, after determining that personal information may have been exposed through content shared in conversations accessible to the attacker.

“A message has been sent to all Tchap users reminding them that a public chat room can be found and joined by any user and that its content is not encrypted,” French officials added. “In accordance with Tchap's terms of service, no personal, sensitive, or confidential information should be exchanged in public chat rooms: such exchanges should be reserved for private chat rooms.”

Whether the incident amounts to a limited exposure of public chat rooms or something considerably larger will depend on what investigators find in the logs, but for now, the government and the attacker are telling very different stories.  ®