The password for the Louvre's security cameras was 'Louvre'
Following the theft that occurred at the Louvre on October 19, 2025, it has been pointed out that the museum's security may have been sloppy. It is particularly noteworthy that the security of the museum's IT systems was weak, as evidenced by the fact that the password for the security cameras had previously been set to 'Louvre.'
«Louvre» en mot de passe, logiciels obsolètes, mises à jour impossibles… Dix ans de failles dans la sécurité informatique du premier musée au monde – Libération
On October 19th, four robbers wearing ski masks broke into the Louvre Museum and stole several art works. The short time it took, less than 10 minutes, suggests that the robbery may have been well planned and that the museum's security measures may have been too weak.
Theft occurs in broad daylight at the Louvre, Napoleon's jewels and crown are stolen in just a few minutes - GIGAZINE
Immediately after the robbery, French Culture Minister Rachida Dati repeatedly insisted that 'the security system was not malfunctioning.' However, 10 days later, she changed her tune, insisting that 'the alarms were activated,' but emphasizing that 'there were indeed security flaws.' She then announced the first emergency measures to audit and correct the security flaws, saying, 'We will thoroughly investigate the flaws, the negligence, and the responsibility.'
These security flaws have existed for more than a decade, according to documents seen by local media outlet Libération.
According to the documents, three cybersecurity experts conducted a security investigation of the Louvre in mid-December 2014. The purpose of the investigation was to investigate vulnerabilities in the Louvre's network, which connects the museum's most important protection and detection equipment, including access control, alarms, and video surveillance.
The investigation revealed that the Louvre's security was extremely lax and had many vulnerabilities. For example, the password for the server managing the surveillance cameras was 'Louvre,' and the password for the security system developed by the French company Thales was 'Thales,' a direct copy of the company's name. Furthermore, as of 2014, the museum was still using an outdated version of Windows 2000. Security experts therefore urged the Louvre to create a more complex password and fix the vulnerabilities.
In October 2015, the Louvre requested a new audit, and over the course of a year and a half, officials from the National Institute for Security and Justice conducted on-site visits and interviews with museum executives to understand the current state of security system deficiencies. However, the investigation revealed that some of the 2014 flaws had not been fixed, and security experts concluded that 'while the museum has been relatively spared up to now, the possibility of serious consequences can no longer be ignored.'
The 2015 investigation pointed out that visitor management was inadequate, that access to the roof was possible during construction, and that there were deficiencies in the security system, including surveillance cameras and access control. Other issues also included the continued use of an outdated operating system, failure to update antivirus software, and failure to set passwords or session locks.
Regular investigations have continued since then, and it has been discovered that the Thales security system, which is no longer in development, is still being used in 2025, and that the system continues to run on machines running Windows Server 2003, which was no longer supported in 2015, and that it has numerous vulnerabilities.
Related Posts:
