At one time, the Louvre’s video surveillance system actually used its own name as a password, as first reported by the French newspaper Libération.
In October, a theft took place at the renowned Paris museum, resulting in the loss of several valuable jewels dating back to the Napoleonic era. The National Cyber Security Agency of France (ANSSI) had previously audited the Louvre’s security in 2014. During this audit, they found that the password for the server overseeing the museum’s video surveillance was simply “LOUVRE.” They cautioned that such a compromised server could potentially facilitate a robbery.
Additionally, the password for a security program from a French cybersecurity firm, Thales Group, was also “THALES” at the time of the audit, according to Libération.
ANSSI’s audit report suggested that if hackers gained access to the network, they could easily damage or steal artworks. They pointed out multiple vulnerabilities in applications and systems connected to the security networks. Their report went on to explain that attackers could compromise security systems, disrupt video monitoring through old servers, and alter access rights by manipulating the database for badge controls.
Interestingly, during that same 2014 audit, the Louvre was relying on the outdated Windows 2000 for its office network, which ANSSI criticized as obsolete. They recommended that the museum implement more complex passwords than “LOUVRE” or “THALES.”
It’s unclear whether the passwords were updated after the audit and, if they were, to what they changed.
In 2017, another assessment of the Louvre’s security was carried out by a different French government agency. This audit echoed ANSSI’s earlier findings, revealing “serious deficiencies” throughout the system. The 2017 report warned that while the Louvre had remained relatively safe, the risk of a potentially devastating attack could no longer be ignored.
According to Microsoft support, a “strong” password should ideally have at least 12 characters, mixing upper and lower case letters, numbers, and symbols. Also, it shouldn’t be easily guessable or related to a person or organization.
On October 18, four thieves disguised as construction workers gained access to the Louvre’s Apollo Museum and stole around ten pieces of France’s crown jewels, valued at about $100 million. While two of the suspects were arrested on October 25, one was apprehended at the airport while reportedly trying to flee to Algeria. Four days later, five additional individuals were arrested, though three were released without charges.
In total, four suspects were involved. The Paris prosecutor mentioned that these individuals—three men and one woman—were petty criminals living in the suburbs of Paris, with no known affiliations to organized crime.
So far, authorities have not recovered the eight pieces of jewelry that were stolen. The Louvre is home to countless iconic artifacts, including Leonardo da Vinci’s Mona Lisa and the Venus de Milo.
Requests for comments from the Louvre, ANSSI, and the French Interior Ministry went unanswered.
