After a high-profile robbery at the Louvre, where criminals stole tens of millions of dollars in jewelry in a matter of minutes, an investigation revealed that the password for the museum’s video surveillance system was simply “Louvre.” Audits by the French cyber agency since 2014 have identified serious security issues that have never been fixed.
According to French publication Libération (via PCGamer), a 2014 audit by France’s National Cybersecurity Agency (ANSSI) found that the Louvre’s video surveillance system was protected by the password “Louvre.” Further inspections found “serious deficiencies,” including outdated software that hadn’t been updated in more than 20 years and easy access to the roofs during renovations. Despite repeated warnings, the museum failed to upgrade its infrastructure.
The robbery occurred at 9:30 a.m. on Sunday, during business hours. Four attackers, using a ladder and power tools, entered the second floor, threatening visitors and employees, but no one was injured. The entire operation lasted about eight minutes. Police have already detained four suspects, but the jewels have not yet been found. The Louvre is not the first place to be the scene of high-profile crimes – in 1911 the Mona Lisa was stolen, and the last such incident occurred in 1998. Despite its status as one of the most famous cultural institutions in the world, the museum’s cybersecurity system remained at the level of the early 2000s.
The story with the Louvre password has become a symbol of how underestimating the basic principles of cybersecurity can turn into a disaster even in the most prestigious institutions. Simple passwords, lack of updates and weak controls are not trifles, but direct gateways for criminals.
