After the high-profile robbery in October 2025, information spread across the Internet about numerous security problems with the museum, in particular that employees used a password that was too simple to access the cameras. We decided to check if this is true.
The absurd situation with cybersecurity of the largest French museum was reported by Russian media (RT, Lenta.ru, Life.ru, "Poster", TV channels "Moscow 24" And "Ren-TV", etc.), profile portals about technologies And information security, social network users (“VKontakte", X, Facebook, Telegram) and blogging platforms (“Habr", vc.ru).
October 19, 2025 a group of attackers penetrated to the Apollo Gallery of the Paris Museum and stole the jewels of the French emperors from there. Authorities evaluate the damage caused amounted to €88 million. The crime was committed not only very quickly and professionally, but also quite brazenly - in broad daylight, after the opening of the museum, and this raised questions about the Louvre's security system. Although immediately after the robbery, French Minister of Culture Rachida Dati statedthat the museum's security system worked correctly, she later changed her rhetoric and admitted: the reason for the robbery was largely a chronic underestimation of such risks.
The earliest publication about a very simple password on CCTV cameras that Verified was able to find was published in a French publication Liberation November 1, 2025. Indeed, with reference to confidential reports from the French National Cyber Security Agency, it was stated that the Louvre password was used to access CCTV cameras at the Louvre, and to enter one of the programs that ensured the security of the museum, the password coincided with the name of the developer of this very program. However, many of those who later published this anecdotal story citing Libération missed one important detail from the original source: the audit that revealed all these security holes was conducted in 2014, more than ten years before the heist. And there is no evidence that the password has not been changed over the years and that it somehow influenced the success of the robbers.
Nevertheless, there were indeed problems with ensuring security at the museum. For example, the French Court of Auditors reproached The Louvre's management is that it has time and again chosen to allocate budget to the acquisition of new works of art and the implementation of new projects, rather than to strengthening security. Thus, many halls are still not equipped with CCTV cameras (for example, the Denon wing, the most visited part of the museum, where the Mona Lisa hangs, was only 64% equipped with cameras in 2024). Representatives of the Accounting Chamber felt that the museum’s leaders were unable to set priorities correctly. However, given that over the past decades thefts happened in many large museums in European countries, it is unlikely that the security problem concerns only the Louvre.
Of course, in light of what happened, the story with the password looked like an anecdote and caused a wide public outcry, although the information was somewhat outdated. Nevertheless, such carelessness is shown by millions of people around the world, including from serious organizations. Cyber Security Specialists analyzed largest databases of passwords that were made publicly available as a result of leaks in recent years, and found that, despite the growing threat of hacking and constant warnings from experts, the most popular password is still 123456. Moreover, in the leaked databases present tens of millions of admin logins and passwords. In 2024, Nordpass, a company developing software for storing secure passwords, amounted to rating the most popular passwords based on huge amounts of data, including those same leaks. The first ten lines are occupied by much more obvious passwords than even Louvre: 123456, 111111, 123123, qwerty123, password, secret, etc. And, worst of all, the top corporate passwords almost completely coincided with personal ones. Consequently, such a security gap exists not only in the Louvre and not even only in museums.
Thus, judging by reports in the French media, citing confidential documents from regulatory authorities, in the Louvre, for some time, access to surveillance cameras could indeed be obtained using a password representing the name of the museum itself. However, this security flaw was discovered in 2014, and there is no evidence that it has not been fixed since then or that it was a weak password that helped the burglars in October 2025.
Cover photo: Syced, CC0, via Wikimedia Commons
- Liberation. “Louvre” en mot de passe, logiciels obsolètes, mises à jour impossibles... Dix ans de failles dans la securité informatique du premier musée au monde
- Forbes. Warning – 19 Billion Compromised Passwords Have Been Published Online
- Is it true that this photo shows an inspector investigating the robbery of the Louvre?
- Does the US Secretary of Defense have an email on Mail.ru? It seems that not everything is so clear
If you find a spelling or grammatical error, please let us know by highlighting the error text and clicking Ctrl+Enter.
