Louvre heist reveals museum used ‘LOUVRE’ as password for its video surveillance, still has workstations with Windows 2000 - glaring security weaknesses revealed in previous report

The recent heist at the Louvre, in which jewelry worth around €88 million (US$101 million) was stolen from the museum in broad daylight, has revealed glaring weaknesses in the museum's security systems. According to the French publication Libération [machine translated], a security audit by the French National Agency for the Security of Information Systems (ANSSI) in 2014 reported that the museum’s video surveillance system’s password was ‘LOUVRE.'

The same audit revealed that another system, built by defense and cybersecurity company Thales, used ‘THALES’ as its access credentials. Additionally, the museum's automation network also used computers that were equipped with Windows 2000 operating systems — making them vulnerable, as Microsoft stopped support for Windows 2000 in 2010.

Another security audit — this time by the National Institute for Advanced Studies in Security and Justice — was executed the following year and completed in 2017. This more in-depth report revealed additional weaknesses in both physical and digital security, noting the same issues raised in the previous report — namely, the use of obsolete systems and password vulnerabilities. Both reports were stamped confidential — and rightly so, as they exposed significant vulnerabilities. And if you're wondering if these problems were addressed in the eight years since the last audit, Libération, did some more digging and discovered the museum was still running outdated operating systems as late as 2021.

Coincidentally, the Louvre underwent another security audit earlier this year — although that audit's findings have yet to be revealed. That said, the person in charge of the review told the French Senate that the museum’s systems “needed to be truly modernized.” The museum curator also said, “What I can testify to is that the Louvre’s management was fully aware of the… not of the weakness, but of the need to have a fresh look at the security system of the entire museum.”

Although the museum's poor cybersecurity practices are not necessarily responsible for the recent heist, these audits reveal systemic deficiencies in how the Louvre handles security in general. Hopefully, this will be a wakeup call that spurs the administration to implement the recommendations security experts have been making for, apparently, over a decade.

Follow Tom's Hardware on Google News, or add us as a preferred source, to get our latest news, analysis, & reviews in your feeds.