- French government chat app Tchap breached via stolen valid account, attacker claims 13.5GB exfiltrated
- Claimed features include 73,000 accounts, 640,000+ messages, 800+ chat rooms; private chats encrypted, public spaces not
- ANSSI and DINUM are investigating amid wider warnings about state-targeted messaging app espionage
A chat app used exclusively by French government employees was apparently hacked and hundreds of thousands of messages were allegedly exfiltrated, with authorities now investigating the claims.
Back in 2025, French Prime Minister François Bayrou banned the use of foreign chat apps, such as WhatsApp or Signal, for work communication. Instead, employees were told to use Tchap, an instant messaging and collaboration tool built by DINUM, the French government’s digital affairs directorate, and ANSSI, France’s cybersecurity agency.
The app is a fork of Riot and only available to users with a .gov address. The app apparently has more than 300,000 monthly users, as well as more than 500,000 downloads on the Google Play Store.
“miser” asserts the breach
A threat actor with the alias “misere” recently took to the dark web to claim the attack, saying they used social engineering to exfiltrate 13.5GB of data from the app.
Among the stolen data are 73,467 user accounts, 643,459 messages, 876 chat rooms with message history and 59,386 shared media files. They also claimed to have access to discussion rooms involving staff from several French ministries.
Meanwhile, ANSSI confirmed the app suffered a security breach and said initial reports were of a valid account being stolen. The agency said that private conversations in the app are encrypted, but public conversations are not.
DINUM added that it was now investigating the incident.
In March 2026, the General Intelligence and Security Service (AIVD), the Netherlands’ primary civilian intelligence and security agency, warned of a major ongoing cyberespionage campaign by Russian spies attempting to gain access to Signal and WhatsApp accounts belonging to dignitaries, military personnel and civil servants, including Dutch civil servants.
A few weeks later, both the FBI and CISA issued the same warning, urging US government employees to be careful with their mobile apps.
Via Cyber news
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
