A bungled October 18 heist that saw $102 million of crown jewels stolen from the Louvre in broad daylight has uncovered years of lax security at the national art museum. From trivial passwords like ‘LOUVRE’ to decades-old, unsupported systems and simple rooftop access, the job was made surprisingly straightforward.

PC Gamer reports: As Rogue cofounder and former Polygon arch-jester Cass Marshall notes on Bluesky, we owe a lot of videogame designers an apology. We have spent years dunking on the emptyheadedness of game characters leaving their essential security codes and vault combos in the open for anyone to read, all while the Louvre has been using the password “Louvre” for its video surveillance servers. That is not an exaggeration. Confidential documents reviewed by Liberation detail a long history of Louvre security vulnerabilities, dating back to a 2014 cybersecurity audit carried out by the French Cybersecurity Agency (ANSSI) at the museum’s request. ANSSI experts were able to infiltrate the Louvre’s security network to manipulate video surveillance and modify badge access.
“How did the experts manage to infiltrate the network? Primarily due to the weakness of certain passwords which the French National Cybersecurity Agency (ANSSI) politely describes as ‘trivial,’” writes Liberation’s Brice Le Borgne via machine translation. “Type ‘LOUVRE’ to access a server managing the museum’s video surveillance, or ‘THALES’ to access one of the software programs published by… Thales.”

The museum sought another audit from France’s National Institute for Advanced Studies in Security and Justice in 2015. Concluded two years later, the audit’s 40 pages of recommendations described “serious shortcomings,” “poorly managed” visitor flow, rooftops that are easily accessible during construction work, and outdated and malfunctioning security systems. Later documents indicate that, in 2025, the Louvre was still using security software purchased in 2003 that is no longer supported by its developer, running on hardware using Windows Server 2003.


















