Louvre robbery reveals serious flaws with weak passwords and obsolete software

A private audit accessed by a journalistic group reveals that the Louvre Museum’s surveillance system used the password “Louvre” to access the camera circuit. The crown jewel robbery occurred on October 19, 2025, with two men arrested in connection with the crime. Documents indicate security problems that have accumulated for a decade at the largest museum in the world, located in Paris.

The French Ministry of Culture admitted failures after reports were published in the newspaper Libération on November 1. Minister Rachida Dati recognized vulnerabilities that were previously denied by the government. Four suspects were arrested, with profiles described as amateur by Paris prosecutor Laure Beccuau.

  • Password “Louvre” allowed entry to the video surveillance server.
  • Password “Thales” accessed other critical software.
  • Simulated attacks changed badge permissions and compromised networks.

Outdated software

The Sathi program, acquired in 2003 from the company Thales, supervised cameras and entry controls. A 2019 report already warned of a lack of maintenance by the supplier.

Thales confirmed the absence of an active contract and no contact from the museum for renewal. The system operated on a server with Windows Server 2003, discontinued by Microsoft in 2015.

Penetration testing

Cybersecurity experts accessed the security network from ordinary administrative computers. They compromised video surveillance and changed access control data.

These tests demonstrated that intrusions could occur from outside the museum. The combination of incompatible systems affected the protection of works and the safety of visitors.

Suspect profile

Authorities arrested four individuals linked to the jewelry theft. Prosecutor Laure Beccuau reported that the profiles do not indicate organized crime.

The detainees commit crimes not associated with the higher levels of organized crime. Two men were directly arrested for their involvement in the robbery.

Corrective measures

The Louvre plans to install anti-intrusion devices before the end of 2025. Eight critical software programs have not received updates for years.

Reports from 2021 highlight widespread obsolescence. Problems have persisted since at least 2015, according to administrative documents.

Weaknesses exposed

The national security agency identified weak passwords on essential servers. Remote access compromised the entire surveillance circuit.

Private audits changed the official discourse on the incident. The museum faces vulnerabilities accumulated over the years.
