French government messenger Tchap breached, hitting 73,000 public servants
France's government messaging platform Tchap, the in-house, Matrix-based app that civil servants are required to use instead of WhatsApp or Signal, was breached after a threat actor hijacked a single user account; no software exploit was needed. The cyber agency ANSSI detected it on June 7. Officials say data tied to about 73,000 accounts, roughly 9 percent of users, was exposed: the attacker scraped everything shared in public chat rooms, which are not encrypted, while private end-to-end encrypted conversations stayed protected. The haul includes over 13.5GB of documents and media, plus hardcoded LDAP credentials leaked in a PowerShell script. Entry was via the education ministry's server.
- Check: Review what your organization shares in unencrypted public or group chat channels, and scan scripts and config files for hardcoded credentials like the LDAP secret exposed in this breach.
- Affected: Around 73,000 French public-sector Tchap accounts; data posted in unencrypted public chat rooms was exposed, while end-to-end-encrypted private conversations were not. The entry point was one hijacked account.
- Fix: Enforce phishing-resistant MFA so single accounts cannot be hijacked, remove hardcoded credentials from scripts, treat public chat rooms as non-confidential, and monitor for bulk data access across collaboration platforms.
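
For the scan recommended under "Check", here is an added example (not code from the incident or from the original report): a small Python heuristic that flags secrets written as string literals in PowerShell scripts. The rule set, rule names and sample script are constructed assumptions, and matched values are redacted so the scanner's own output does not leak them.

```python
import re

# Heuristic, illustrative rules (assumptions, not an exhaustive rule set).
STR = r"""["'][^"']+["']"""                  # any quoted string argument
LITERAL = r"""(?:"([^"$]+)"|'([^']+)')"""    # quoted literal; "$var" interpolation excluded
RULES = [
    # $bindPassword = "literal"
    ("secret-variable-assignment",
     re.compile(r"\$\w*(?:pass(?:word|wd)?|pwd|secret|bindpw)\w*\s*=\s*" + LITERAL, re.I)),
    # DirectoryEntry(path, user, "literal") : LDAP bind with an inline password
    ("directoryentry-bind-literal",
     re.compile(r"DirectoryEntry\s*\(\s*" + STR + r"\s*,\s*" + STR + r"\s*,\s*" + LITERAL, re.I)),
    # ConvertTo-SecureString "literal" -AsPlainText
    ("plaintext-securestring",
     re.compile(r"ConvertTo-SecureString\s+(?:-String\s+)?" + LITERAL + r".*-AsPlainText", re.I)),
]

def redact(value):
    """Keep only the first character and the length of a matched secret."""
    return value[0] + "*" * (len(value) - 1)

def scan_powershell(text):
    """Return (line_number, rule_name, redacted_value) for each suspected literal secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):      # skip full-line comments
            continue
        for rule, rx in RULES:
            m = rx.search(line)
            if m:
                findings.append((lineno, rule, redact(m.group(1) or m.group(2))))
    return findings

# Constructed sample script; hosts, names and values are placeholders.
SAMPLE = '''# Constructed sample, not the leaked script
$ldapServer = "LDAP://dc.example.invalid"
$bindUser = "cn=svc-sync,dc=example,dc=invalid"
$bindPassword = "EXAMPLE-not-a-real-secret"
$entry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://dc.example.invalid", "svc", 'EXAMPLE-2')
$secure = ConvertTo-SecureString "EXAMPLE-3" -AsPlainText -Force
$safe = ConvertTo-SecureString $env:LDAP_BIND_PW -AsPlainText -Force
$password = Read-Host -AsSecureString
'''

if __name__ == "__main__":
    for lineno, rule, shown in scan_powershell(SAMPLE):
        print(f"line {lineno}: {rule}: {shown}")
```

Lines that read the secret from the environment or prompt for it are not flagged; treat any hit as a credential to rotate, not only to delete from the file.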