France's government says an attacker got into Tchap, the encrypted messaging service used by public-sector workers, by taking over a valid user account. DINUM said ANSSI detected the intrusion on June 8 and blocked the compromised account, while investigators review logs to determine what conversations and data were accessed or stolen. A threat actor claimed the access came from social engineering on an education-related Tchap shard and alleged theft of 13.5GB of files, roughly 650,000 messages, and data on more than 73,000 accounts, plus a flaw allowing shared media files to be downloaded without a token.
Why it matters: This affects a government communications platform with more than 300,000 monthly users, so exposed chats, files, and account metadata could have broad public-sector impact. French agencies and users should treat the incident as potentially sensitive, review what was shared in public rooms, investigate account takeover paths, and reset or harden credentials where appropriate.
2026.06.09
98% relevant
This article appears to cover the same Tchap incident and adds details that ANSSI detected suspicious activity on June 7, DINUM says only public chat rooms were exposed, CNIL was notified, and the alleged attacker claims much broader access including tens of thousands of accounts, hundreds of thousands of messages, and possible exposure via directory search.
Sergiu Gatlan
2026.06.09
100% relevant
This article establishes a new tracked story by identifying a specific intrusion into France's Tchap government messaging platform, including the access method, affected service, and preliminary scope of potentially exposed data.
← Back to all stories