-
A threat actor named “misere” claims to have stolen data tied to thousands of users of France’s Je Veux Aider volunteer platform.
-
The alleged leak includes volunteer details, association records, and mission management data, though French officials have not confirmed the breach.
-
The claim follows a confirmed breach of France’s government messaging platform Tchap, also linked to the same hacker, raising questions about a possible pattern.
A cybercriminal has claimed responsibility for a new attack on Je Veux Aider, the French government’s official volunteer engagement service.
The hacker claims they stole data of more than 558,000 people, allegedly spanning over 1.24 million.
Which Platform Got Hit
Je Veux Aider is not some small website. It is the official platform of France’s Civic Reserve program. This organization builds a bridge between interested members of the public and charitable organisations, other non-profit groups, or local community organisations as well as providing an avenue for supporting public interest projects across the nation.
This platform garnered substantial attention during the COVID-19 crisis when it enabled France to find volunteers to assist with various efforts requiring community support and emergency response. Interested parties signed up to provide assistance to vulnerable population groups, deliver food supplies, and also helped out at hospitals that needed more hands.
This role gave the platform access to a large amount of personal information, including data regarding volunteer, organisation personnel, and specific mission involvement. If this data leaks, real people could potentially experience real-world harm.
The threat actor asserts that the leaked dataset contains information regarding some 421,000 unique email addresses.
The database also reportedly contains additional information such as contact details, geographically related information, and records documenting the history of volunteer engagement with respect to various charities and non-profits as well as other public interest projects.
If verified, this would rank among the larger recent exposures involving a French public service platform.
Who is this Hacker?
The attacker goes by the online name “misere.” That same individual also claimed responsibility for a recent breach of Tchap, France’s secure messaging app for public workers.
French authorities confirmed the Tchap breach earlier this month. Someone had accessed the app’s system by hacking into a user’s account. ANSSI, France’s cybersecurity agency detected the movement and blocked the account quickly.
They launched an investigation to figure out what information may have been accessed. The country’s privacy regulator, CNIL, also received a notification because personal information may have been exposed.
The hacker claimed that they stole nearly 650,000 messages in the Tchap hack attack and also accessed personal information from over 73,000 accounts. They also allegedly grabbed over 13 gigabytes of shared files.
Now the same actor is making very similar claims about Je Veux Aider.
How the Attacker Says They Got the Data
The threat actor described their method in a public statement. Here is exactly what they wrote: “I collected data for 17 hours straight using 10 different IP addresses and 107 accounts.”
Read that statement carefully. It does not describe a traditional network intrusion. It does not mention malware or hacking through a firewall. Instead, it describes something much simpler: large-scale automated collection.
The attacker used many different accounts. They used many different internet connections. Then they just kept gathering information for hours on end.
The hacker also mocked the platform’s security controls. They asked whether the service had only one administrator. They also wondered whether security relied on “hope.”
Those are harsh questions. But without official confirmation, we cannot say whether the mocking is fair. There is no independent evidence yet proving how they got the data. We also do not know if the reported dataset came from a database compromise, excessive account permissions, automated scraping, or another source entirely.
What Information was Allegedly Taken?
According to the information provided by the hacker, the data they have access to contains records of 558,952 persons. This is only the beginning of what we know about the data.
The data set includes people who have volunteered, people who are leaders of associations, and people who are managers of missions. The data set contains email addresses, telephone numbers, location data and records of how persons engaged with the volunteer program. According to the hacker, there are over 421,000 unique email addresses within the total amount of data available.
If the information is correct, then the level of exposure for the individual could be extreme. We are talking about hundreds of thousands of French citizens who offered their time to help others. Now their personal details may be floating around in criminal hands.
However, one major caution must be put out here: there is no independent verification of the authenticity of the data. There has been no public confirmation of this by French law enforcement. And no notifications to affected users have been announced.
Possible Connection to Recent Tchap Breach
The timing here is hard to ignore. The Je Veux Aider claim came just days after officials confirmed the Tchap breach. Both incidents involve French public-sector platforms. Both are linked to the same threat actor. And in both cases, the attacker describes gathering information through account access and large-scale collection rather than exploiting a major software flaw.
Putting those similarities side by side, the Je Veux Aider claim references 107 accounts and 17 hours of data collection. The Tchap incident similarly involved claims of extensive scraping and access to information available through legitimate accounts. The attacker didn’t hack any server, nor did they bother exploiting a zero-day vulnerability. Instead, they appear to have used accounts and permissions that already existed.
These details have led some observers to believe the actor may be focusing on weak access controls, account abuse, and large-scale data harvesting across French government-related services. In other words, this may not be about one lucky hack. It may be about a pattern of behavior targeting multiple platforms.
French organizations continue to face data breach incidents. IT firm Réseau.site recently suffered a breach as a hacker published user records, adding to the growing list of French data exposures.
A Lot of Questions Remain Unanswered
So many things have yet to be clarified.
First, is the data real? There is no public evidence confirming that Je Veux Aider’s internal systems suffered any breach. The attacker could be lying. They could be exaggerating. Or they could have real data from a source that is not what they claim.
Second, how did the attacker obtain the data? The attacker describes using 107 accounts and 17 hours of collection. But that still does not tell us whether they broke into a database or simply scraped publicly available information.
Third, has anyone verified the dataset? No independent researcher has come forward to confirm the contents. No journalist has reviewed sample records. Right now, we only have the hacker’s word.
Also, what are the authorities doing about this? At the time of writing, there’s no official public statements regarding the claim. No press releases. No statements to the press. No announcements about notifications to affected users.
