The Point: Cybercriminals compromised an account on Tchap and stole data from over 73,000 accounts and 650,000 messages; the attacker cited social engineering, exposed LDAP credentials, and missing token validation during file downloads as causes.
Cybercriminals have infiltrated the French government platform Tchap via a compromised user account and, according to their own statements, exfiltrated over 650,000 messages and data from approximately 73,000 accounts. The national cybersecurity authority ANSSI discovered the breach on Sunday; the affected account was immediately locked.
The French Digital Directorate DINUM reported the security incident on Tchap, the decentralized messaging platform based on the Matrix protocol that has been operated for the French public sector since 2018. According to DINUM, an attacker gained access to the system via a compromised user account. The affected account was identified and blocked; an ongoing analysis of access logs is meant to reveal which conversations the attacker accessed and what types of data were taken.
The anonymous actor claimed responsibility and published samples of the stolen data. By his own account, he gained access to an education ministry account through social engineering. The attacker claims to have stolen over 13.5 gigabytes of documents and media files, nearly 650,000 messages, and information on approximately 73,000 accounts. He also cited hardcoded LDAP credentials, exposed via a PowerShell script of a regional director of the French tax authority, as an attack vector. According to the attacker, all files shared on Tchap can be downloaded without a token once the media URL from a message is known.
The exfiltrated data contains email addresses with organizational assignments, meeting links, and metadata from accounts and devices. DINUM warned all users that public chat rooms are visible without encryption to every user of the system; confidential or sensitive information may be exchanged only in private chat rooms. In August 2025, Prime Minister François Bayrou mandated that all French civil servants use Tchap for official communications and prohibited the use of foreign applications. The platform now has over 300,000 monthly active users.
Source: www.it-daily.net · Published June 9, 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.