A bungled October 18 heist that saw $102 million in crown jewels stolen from the Louvre in broad daylight has uncovered years of lax security at the national art museum. From trivial passwords like ‘LOUVRE’ to decades-old, unsupported systems and easy rooftop access, the job was made surprisingly simple. PC Gamer reports: As Rogue cofounder and former Polygon arch-jester Cass Marshall notes on Bluesky, we owe a number of videogame designers an apology. We have spent years dunking on the emptyheadedness of game characters leaving their essential security codes and vault combos in the open for anyone to read, all while the Louvre has been using the password “Louvre” for its video surveillance servers. That is not an exaggeration. Confidential documents reviewed by Liberation detail a long history of Louvre security vulnerabilities, dating back to a 2014 cybersecurity audit carried out by the French Cybersecurity Agency (ANSSI) at the museum’s request. ANSSI experts were able to infiltrate the Louvre’s security network to manipulate video surveillance and modify badge access.
“How did the experts manage to infiltrate the network? Primarily due to the weakness of certain passwords which the French National Cybersecurity Agency (ANSSI) politely describes as ‘trivial,’” writes Liberation’s Brice Le Borgne via machine translation. “Type ‘LOUVRE’ to access a server managing the museum’s video surveillance, or ‘THALES’ to access one of the software programs published by… Thales.” The museum sought another audit from France’s National Institute for Advanced Studies in Security and Justice in 2015. Concluded two years later, the audit’s 40 pages of recommendations described “serious shortcomings,” “poorly managed” visitor flow, rooftops that are easily accessible during construction work, and outdated and malfunctioning security systems. Later documents indicate that, in 2025, the Louvre was still using security software purchased in 2003 that is not supported by its developer, running on hardware using Windows Server 2003.


