Louvre’s Security Password Was Shockingly Set to “LOUVRE”
A post-heist investigation has revealed that the Louvre Museum’s video surveillance system was protected by the incredibly weak password “LOUVRE” – a security blunder that cybersecurity experts call “one step above using ‘password’.”
Key Security Failures
- Video surveillance password: “LOUVRE”
- Software access password: “THALES” (the software provider’s name)
- Outdated Windows systems with known vulnerabilities
- Warnings ignored since 2014 security audits
Decade of Security Warnings
Confidential documents from the French National Cybersecurity Agency (ANSSI) show security concerns dating back to 2014. The agency warned that compromised systems could “facilitate damage or even theft of artworks,” yet protections remained “trivial.”
Javvad Malik, cybersecurity advisor at KnowBe4, told Daily Mail: “The museum’s video surveillance systems were protected by shockingly simplistic passwords. By making these passwords the same as the name of the museum and software provider, the Louvre opened the door to even the most basic hacking attempts.”
Connection to $102 Million Heist
While it’s unclear if these security weaknesses contributed directly to the October 18 heist where $102 million worth of crown jewels were stolen, the timing raises serious questions. The thieves used a stolen mechanical lift to access the Gallery of Apollo via a balcony, cracking display cases and escaping within four minutes.
Paris prosecutor Laure Beccuau described the perpetrators as “petty criminals rather than professional members of an organised crime group,” noting they dropped Empress Eugenie’s crown during the escape and left tools behind.
Social Media Reaction
The security revelations sparked widespread ridicule online. One X user commented: “If you feel like you’re bad at your job, just consider that the password to access the Louvre’s video surveillance system was ‘Louvre’.”
Another shocked user asked: “My password at work has to be like 15 characters… how is that possible?” while a third joked: “not even L0uvr3! ?”
Malik concluded: “When systems safeguarding priceless cultural treasures rely on guessable credentials, it’s not a policy gap – it is an invitation, serving as an indicator that the overall culture of security may be weak.”
