DINUM, the French government's digital affairs directorate, disclosed that hackers breached Tchap, an encrypted messaging platform for the French public sector, by hijacking a user account through social engineering. The attacker accessed the platform via a compromised account on the education shard and allegedly exfiltrated over 13.5GB of documents and media files, nearly 650,000 messages, and metadata from over 73,000 accounts. The attacker also claimed to have obtained hardcoded LDAP credentials leaked via a PowerShell script. Public chat rooms on Tchap are not encrypted and accessible to all users, which was reiterated to users post-incident. The compromised account was immediately blocked, and an investigation is ongoing to determine the extent of data accessed and exfiltrated. No vendor advisory or patch information is available.

The breach exposed a large volume of user data including messages, files, email addresses, organizational information, meeting links, and device metadata. Sensitive information shared in private chats may have been accessed. Public chat rooms are not encrypted and accessible to any user, potentially increasing exposure of non-sensitive data. The incident risks privacy violations and potential misuse of exposed data. The breach also undermines trust in the government’s secure communication platform.

The compromised account has been blocked to remove attacker access. Users were notified to avoid sharing personal, sensitive, or confidential information in public chat rooms, which are not encrypted. No official patch or fix has been announced; patch status is not yet confirmed — check with DINUM or ANSSI for updates. Organizations using Tchap should review user account security and consider additional authentication controls to prevent social engineering attacks.