So here’s a fun fact that emerged after last month’s $102 million jewel heist at the Louvre: the password to their video surveillance system was simply “LOUVRE.”
Yes, just the name of the museum. Not exactly the Fort Knox-level security you’d expect from one of the world’s most famous cultural institutions.
According to confidential documents reviewed by French newspaper Libération, France’s National Cybersecurity Agency discovered this less-than-stellar password situation back in 2014. They also found that software made by the company Thales was protected by the password “THALES.” The agency’s experts were able to access the security system, manipulate camera feeds, and modify staff badge access without much difficulty.
A follow-up audit in 2015 revealed even more problems: “serious shortcomings” including poorly managed visitor flow, rooftops that were easily accessible during construction, and security software from 2003 that was still running on Windows Server 2003—an operating system Microsoft stopped supporting over a decade ago.
Museum director Laurence des Cars admitted she was “appalled” by the security situation when she took over in 2021, calling the recent robbery “a terrible failure at the Louvre.” Culture Minister Rachida Dati, after initially defending the systems, later acknowledged there had been “a chronic and structural underestimation of the risk of theft.”
The October 18 heist itself was remarkably brazen. At 9:30 AM on a Sunday morning—during operating hours—four suspects used a mechanical lift to break into the Gallery of Apollo through a second-floor window. The only camera monitoring that exterior wall was pointing the wrong direction. They smashed display cases with power tools and escaped on scooters. The whole operation took about four minutes.
Four people have been charged so far, including a taxi driver, an unemployed garbage collector, and a social media personality who goes by “The Motocross Legend.” Despite the arrests, the stolen jewels remain missing and at least one suspect is still at large.
On the bright side, at least now we know that video game designers who make NPCs leave their passwords lying around weren’t being unrealistic—they were just being observant.