Red Hot Cyber, il blog italiano sulla sicurezza informatica
Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Select language
Italian Spanish
Search
2nd Edition GlitchZone RHC 320x100 2
2nd Edition GlitchZone RHC 970x120 2
Louvre Theft: Windows 2000 and Windows XP on Networks, as Well as Simple Passwords

Louvre Theft: Windows 2000 and Windows XP on Networks, as Well as Simple Passwords

Redazione RHC : 4 November 2025 19:05

As we know, the thieves in the “theft of the century” entered through a second-floor window of the Louvre Museum, but the museum had other problems besides unprotected windows.

Although Culture Minister Rachida Dati stated that “the museum’s security systems did not fail,” there are indications that some cybersecurity breaches did occur .

According to confidential documents seen by the newspaper Libération, in 2014, simply typing ” LOUVRE ” accessed the server responsible for video surveillance at France’s most famous museum. Or typing ” THALES ” accessed the software published by the company of the same name.

These passwords, which in technical jargon are called “default” or “predictable passwords,” were already defined by the ANSSI (French National Agency for Information Security) as a serious risk. They reported that “the Louvre Museum’s office network also includes obsolete systems” such as Windows 2000 —which no longer guaranteed session locking or antivirus updates.

ANSSI verified all of this with an internal audit in 2014. Microsoft had stopped providing security updates for Windows 2000 as early as July 2010. The audit contained very specific recommendations: use more complex passwords, migrate software to supported versions, and fix vulnerabilities . But the museum did not respond to whether it actually followed these recommendations.

A second audit was conducted in 2017 by the INHESJ (National Institute for Advanced Studies on Security and Justice) and found that “some workstations have obsolete operating systems (Windows 2000 and Windows XP) that no longer guarantee effective security (no antivirus updates, no passwords or session locks, etc.).” Microsoft discontinued extended support for Windows XP in 2014.

Twenty years of technical debt have weighed heavily on the Louvre’s security, with the continuous accumulation of analog video surveillance, digital video surveillance, intrusion detection, and access control systems, some with dedicated servers or proprietary applications. Some of these systems have become obsolete over time and would require updates or replacement.

Immagine del sitoRedazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.

Lista degli articoli