The Louvre, under scrutiny since a major jewelry heist last month, used its own name as a password for video surveillance, a new review of confidential documents by a French newspaper revealed.
The Paris museum requested an audit in 2014 from the French National Agency for the Security of Information Systems, aiming to test the museum’s security network.
The agency’s experts got into the network with ease by using “LOUVRE” to access a video surveillance server and “THALES” to access a software program published by defense company Thales, according to documents cited by French newspaper Liberation.
The experts recommended the Louvre implement more complex passwords, fix vulnerabilities in computer applications it used and start using systems that were still supported by software publishers.
The 2014 audit and a 2017 audit by experts from the security agency pointed out the use of old software and old operating systems, including Windows 2000 and Windows XP, according to Liberation.
In the 2017 audit, experts wrote “technologies are aging and regularly experience technical malfunctions,” as translated from French, according to Liberation.
The museum did not respond to the paper’s queries about which, if any, recommendations from cybersecurity experts were implemented at the Louvre.
Though suspects have been arrested in the Oct. 19 heist, the French crown jewels stolen, worth about $102 million, are still missing.
