FRANCE'S government messaging app Tchap experienced a data breach on June 7, 2026, following the compromise of a single user account via social engineering. The breach exposed approximately 650,000 messages and data related to over 73,000 accounts, including email addresses and device metadata. The attacker claimed to have utilized a social engineering tactic to gain access and discovered hardcoded credentials in a shared script.
While DINUM, France's digital agency, stated that private conversations remain secure due to end-to-end encryption, the breach raised concerns regarding the contents of public chat rooms where sensitive information could have been shared. DINUM has since notified the French data protection authority and emphasized adherence to Tchap's terms, which caution against sharing sensitive data in public forums. The investigation into the breach is ongoing.