---
title: "Hack of the French messenger Tchap: version conflict between the government and hackers"
description: "⚠️ Hack of the French government sector: hackers claim to have stolen 13.5 GB of data from the Tchap messenger. Authorities insist on minimal damage, but the investigation continues. 🇫🇷💻 #Cybersecurity #France #Hack"
date: 2026-06-15T13:10:46.000Z
lang: en
url: https://xab.info/en/posts/hack-of-the-french-messenger-tchap-version-conflict-between-the-government-and-hackers
tags: []
publisher: "XAB.info"
---

# Hack of the French messenger Tchap: version conflict between the government and hackers

![Logo of the French messenger Tchap on a building with flying documents, symbolizing a hack and data leak](https://xab.info/media/2026/06/15/vzлом-frantsuzskogo-messendzhera-tchap-konflikt-versiy/vzлом-frantsuzskogo-messendzhera-tchap-konflikt-versiy-1.webp)

French government bodies have faced a serious cyber incident that calls into question the security of their internal communication channel. At the center of the scandal is the secure messenger Tchap, developed specifically for ministry and department employees. The situation is complicated by the fact that the official government version of minimal attack consequences is in direct conflict with hacker claims of a massive data leak.

### How events unfolded

The alarm signal sounded on June 7, 2026. The French National Cybersecurity Agency (ANSSI) detected suspicious activity within the platform. The reaction was prompt: specialists from the Directorate for Digital Affairs (DINUM), responsible for the service's operation, immediately blocked the compromised account and initiated an internal investigation.

At the moment, the exact scale of the incident remains unclear, however, the very fact of penetration into a system used for official correspondence has already caused a stir.

### Official position: damage is minimal

Representatives of the French government are trying to reassure the public, insisting that the attack was limited in scope. According to their version, the perpetrators gained access exclusively to the public rooms of the messenger. By definition of the platform, these channels are open for viewing by any Tchap user.

The key argument of the authorities is based on security architecture: private chats are protected by end-to-end encryption. Even in the event of account compromise, hackers did not have the technical ability to decrypt and read private messages. Thus, according to the official line, state secrets and citizens' personal information were not compromised.

### Hackers' version: massive leak

A completely different picture is painted by the hacker who took responsibility for the attack. According to Bleeping Computer, the perpetrator claims to have used social engineering methods to seize an account linked to the educational segment of the platform.

The figures voiced by the hacker are impressive:

    - Access to data of more than 73,000 users.

    - Viewing of almost 650,000 messages.

    - Access to hundreds of chats and approximately 60,000 media files.

    - The thief claimed to have downloaded more than 13.5 GB of documents and files.

Particular concern is caused by the claim that among the stolen materials were documents marked "Diffusion Restreinte" (limited distribution). Furthermore, the hacker claims to have found LDAP credentials in the system, which, according to him, were accidentally disclosed via a PowerShell script by a tax authority employee.

### Architecture vulnerability

In addition to the direct hack, the perpetrator pointed out a fundamental problem in the attachment storage mechanism. According to him, any file ever uploaded to Tchap could be downloaded without additional authorization if one knew the corresponding URL. This calls into question the reliability of file exchange in the system, even if the messages themselves are encrypted.

### Lack of confirmation and next steps

At the moment, none of the hacker's claims have been officially confirmed. DINUM statements do not mention a mass leak, file storage issues, or access to official documents. Authorities emphasize that the investigation is ongoing.

Information security specialists are currently studying system logs to accurately determine exactly which conversations the perpetrators viewed and whether data was exfiltrated outside the platform. The French data protection regulator CNIL has already been notified of the incident, as personal information could have been contained in the chats accessible to the attacker.

In conclusion, authorities reminded Tchap users of basic security rules: public rooms are not encrypted and are not intended for exchanging confidential data. The incident with Tchap, launched in 2018 and becoming the main communication tool for 300,000 users following Prime Minister François Bayrou's decision in 2025, has become a serious test for French digital infrastructure.