You Will Cringe When You Hear the Louvre Video Surveillance System’s Actual Password
On October 19, criminals used a truck-mounted ladder to pull off an astonishing heist, gaining access to the Louvre’s Apollo Gallery in Paris to steal diamond and sapphire-encrusted jewelry that once belonged to royalty. The robbery drew widespread disbelief, especially considering the thieves’ low-tech approach. How did a mechanical lift allow them to break into the Louvre, steal invaluable objects, and make off on motorcycles in broad daylight? As Libération reported over the weekend, the iconic museum’s security sounds seriously lacking.
In This Article:
- Security gaps exposed as Libération calls Louvre security lacking
- Cybersecurity experts’ breach shows how easily access could be gained
- A 2017 audit reveals serious shortcomings and poorly managed visitor flow
- Ten years of drift: outdated software and legacy hardware
- Four suspects identified by police, with DNA recovered from the scene
- A note on data security
- Author’s perspective and background
Security gaps exposed as Libération calls Louvre security lacking
Perhaps most glaringly, the paper obtained internal documents that date back to 2014, suggesting that the Louvre’s video surveillance server password was — we are not kidding — “Louvre.” While it’s unclear if the password has since been updated, it’s nonetheless an enormous IT oversight that suggests the world-class museum may be suffering from some serious gaps in its security. Experts at the French Cybersecurity Agency easily got into the poorly secured network at the time to manipulate video surveillance and could even change who could access the system.
Cybersecurity experts’ breach shows how easily access could be gained
However, the thieves likely didn’t even attempt to get into the video surveillance network, considering the museum’s camera systems recorded plenty of footage of them breaking into the building and using angle grinders to laboriously cut open glass cases protecting the jewelry.
A 2017 audit reveals serious shortcomings and poorly managed visitor flow
Per Libération, a 40-page audit by the National Institute for Advanced Studies in Security and Justice concluded in 2017 that the Louvre’s security had “serious shortcomings” and “poorly managed” visitor flow. The institute also found that rooftops were easily accessible while the museum was under construction, and that it was working with outdated and malfunctioning security systems.
Ten years of drift: outdated software and legacy hardware
Things didn’t get better over the last ten years, with 2025 documents suggesting the Louvre was using security software it had purchased in 2003, running on hardware using the long-obsolete operating system Windows Server 2003.
Four suspects identified by police, with DNA recovered from the scene
Police have since identified four suspects, in some cases using DNA recovered from the crime scene. Ironically, as CNN reports, none of them have any association with organized crime — and instead appear to be local petty criminals that already have an established record for previous robberies.
A note on data security
More on data security: Programmers Using AI Create Way More Glaring Security Issues, Data Shows
Author’s perspective and background
I’m a senior editor at Futurism, where I edit and write about NASA and the private space sector, as well as topics ranging from SETI and artificial intelligence to tech and medical policy.
