Louvre Museum security password was simply “LOUVRE”, shocking report says

• The Louvre Museum's video surveillance and entry control systems were secured with the simple passwords "LOUVRE" and "THALES" during the sensational $88 million jewel heist.
• Confidential reports revealed the museum had ignored explicit warnings about these weak digital security vulnerabilities dating back nearly a decade.

In the aftermath of the sensational jewel heist at the Louvre Museum in October, confidential security reports have revealed that the digital keys protecting the institution’s video surveillance were laughably simple.

Following the brazen daylight robbery on October 19, when thieves made off with at least eight pieces of the French Crown Jewels valued at approximately €88 million, investigative reports accessed by the French newspaper Libération detailed the vulnerabilities.

The password for the museum’s critical video surveillance server was simply the name of the museum: "LOUVRE".

Further documents revealed that the software used to manage cameras and entry controls, a system provided by the vendor Thales, was similarly secured with the predictable password, "THALES".

Warnings Rang for a Decade

The embarrassing revelation was not a new discovery, but rather the failure to address warnings dating back to 2014.

A confidential audit conducted by France's National Agency for the Security of Information Systems (ANSSI) nearly ten years before the heist explicitly detailed these weak passwords.

The 2014 ANSSI report issued a stark warning, forecasting that "whoever controls the Louvre's network can facilitate the theft of artworks".

Subsequent audits in 2017 and 2025 reiterated the serious systemic shortcomings, including "accessible" rooftops and a reliance on obsolete, unmaintained security software that ran on an outdated operating system (Windows Server 2003, unsupported since 2015).

While French Culture Minister Rachida Dati initially asserted that the museum’s internal security systems had "not failed" immediately after the theft, she was later forced to amend the statement, acknowledging before the public that "gaps in the security system did indeed exist".

Dati conceded the incident highlighted "a chronic and structural underestimation of the risk of theft" within the institution.

The Louvre has since reopened with urgent promises to fix the long-ignored vulnerabilities, including dedicating a new budget toward improved CCTV and a permanent, enhanced police presence, accelerating modernization plans that had been delayed for years.