On October 19, criminals used a truck-mounted ladder to pull off an astonishing heist, gaining access to the Louvre’s Apollo Gallery in Paris to steal diamond and sapphire-encrusted jewelry that once belonged to royalty.
The robbery drew widespread disbelief, especially considering the thieves’ low-tech approach. How did a mechanical lift allow them to break into the Louvre, steal invaluable objects, and make off on motorcycles in broad daylight?
As French newspaper Libération reported over the weekend, the iconic museum’s security sounds seriously lacking. Perhaps most glaringly, the paper obtained internal documents that date back to 2014, suggesting that the Louvre’s video surveillance server password was — we are not kidding — “Louvre.” While it’s unclear if the password has since been updated, it’s nonetheless an enormous IT oversight that suggests the world-class museum may be suffering from some serious gaps in its security.
Experts at the French Cybersecurity Agency easily got into the poorly secured network at the time to manipulate video surveillance and could even change who could access the system.
However, the thieves likely didn’t even attempt to get into the video surveillance network, considering the museum’s camera systems recorded plenty of footage of them breaking into the building and using angle grinders to laboriously cut open glass cases protecting the jewelry.
Per Libération, a 40-page audit by the National Institute for Advanced Studies in Security and Justice concluded in 2017 that the Louvre’s security had “serious shortcomings” and “poorly managed” visitor flow. The institute also found that rooftops were easily accessible while the museum was under construction, and that it was working with outdated and malfunctioning security systems.
Things didn’t get better over the last ten years, with 2025 documents suggesting the Louvre was using security software it had purchased in 2003, running on hardware using the long-obsolete operating system Windows Server 2003.
Police have since identified four suspects, in some cases using DNA recovered from the crime scene. Ironically, as CNN reports, none of them have any association with organized crime — and instead appear to be local petty criminals that already have an established record for previous robberies.
More on data security: Programmers Using AI Create Way More Glaring Security Issues, Data Shows