Over 73,000 French govt employees affected in Tchap messenger breach

Bleeping Computer, June 12, 2026

The French government revealed that a recent breach of its Tchap encrypted messaging platform affects the accounts of over 73,000 employees in the French public sector.
DINUM, the French government's digital affairs directorate, disclosed on Monday that a threat actor had gained access to the Tchap platform using a compromised user account, and it notified France's data protection authority (CNIL) due to the potential exposure of personal data shared by some users.
While it initially shared almost no details about what was exposed or how many people were affected by the breach, DINUM disclosed in a subsequent update that the attackers may have accessed information shared by around 9% of all registered users on the platform.
DINUM explained that while private conversations are encrypted and their content protected, the attacker was able to steal all the data shared in public chat rooms, which are not encrypted. This allowed them to collect the users' names and email addresses, as well as their avatar images and the public sector organization they work for.
"Of the more than 825,000 registered agents, 73,467 agents would be affected by this incident, or less than 9% of registered users. These forums, by design, are open to all users and their messages are not encrypted. Officers' private conversations remain protected," it said.
"At this point, the account behind the malicious requests has been identified. It was immediately blocked in order to remove the attacker's persistent access and allow in-depth analysis of the data he was able to access. Potentially exposed data from user accounts concerns at least: last name, first name, email address, belonging entity and avatar."
Although DINUM has yet to attribute this breach, a threat actor claimed responsibility for the attack over the weekend and shared a sample of stolen files, saying they gained access to the platform following a social engineering attack.
The threat actor claimed to have scraped nearly 650,000 messages and information from more than 73,000 accounts, including their email addresses, meeting links, organization information, as well as account and device metadata.
They've also allegedly stolen over 13.5GB of documents and media files shared by public servants using the Tchap service, as well as hardcoded LDAP credentials leaked via a PowerShell script.
Developed by DINUM in collaboration with ANSSI (the French Cybersecurity Agency) in 2018, Tchap is a decentralized collaboration tool and instant messaging platform for the French public sector, based on the Matrix protocol.
After becoming the default app for work communications for all civil servants in early August 2025, Tchap has reached over 300,000 monthly users and now has over 500,000 downloads on Google's Play Store.
In May, French authorities also arrested a 15-year-old suspected of selling data stolen in an April cyberattack on ANTS (Agence nationale des titres sécurisés), the country's agency for issuing and managing official identity and registration documents.

<small>Source: Bleeping Computer</small>
