French government messaging app breach exposed more than 73,000 user accounts

A cyberattack targeting Tchap, the French government’s secure messaging platform, compromised more than 73,000 user accounts after attackers exploited weaknesses in the app’s authentication system.

French authorities confirmed that 73,119 accounts were affected in the incident, which was discovered on May 31. The breach targeted the platform’s account recovery process, allowing attackers to hijack user accounts without needing their passwords. The compromised accounts represented roughly 15% of the platform’s total user base.

Tchap is widely used by French government employees, public officials, and state institutions for internal communications. The service was launched in 2019 as a secure alternative to commercial messaging applications and is managed by the French government’s Interministerial Digital Directorate (DINUM).

According to investigators, the attackers exploited a flaw in the password recovery mechanism. By abusing the account reset process, they were able to gain unauthorized access to user accounts and take control of them. Authorities said there is no evidence that the attackers breached Tchap’s core infrastructure or encryption systems.

The investigation found that compromised accounts primarily belonged to government employees and public-sector workers. French officials stated that while accounts were hijacked, there is currently no indication that classified information or state secrets were accessed during the incident.

Following the discovery of the attack, authorities immediately disabled the vulnerable recovery feature and forced password resets for affected users. Additional security measures were also introduced to prevent similar attacks in the future.

The breach has renewed concerns about the security of government communication platforms, particularly those relied upon by public officials and state agencies. Although Tchap was designed as a secure messaging service, the incident highlights how weaknesses in authentication and account management systems can undermine otherwise secure platforms.

French cybersecurity authorities continue to investigate the attack and have not publicly attributed it to any specific threat actor. Officials said affected users have been notified and are being advised to review account activity and update their security settings.

The incident follows a growing number of attacks targeting government communication tools and identity systems worldwide, as cybercriminals increasingly focus on account takeover techniques rather than direct attacks against encrypted infrastructure.