Louvre Security Head Was Spaceballs Cyber Academy Grad

Don’t you just hate it when some of the websites you have to deal with endlessly harass you to change your password, or force you to add a picture of your eyeball or your firstborn male child’s right big toe print?

Drives me insane. 

Yeah, yeah, yeah – ‘security.’ I get it. 

But when you do everything right, and hit the ‘remember this browser’ every effin’ time – it never does – and jump through all their frickin’ bells, whistles and hoops, but the asshats still lock you out (lookin’ at YOU, USAA) when you’ve been using the same IP for onehunnertyears, it’s enough to make a simple Luddite scream. I am loud when I do.

All for the buck ninety-six I have in my checking account after paying my now exorbitant car insurance and bills like the gas card.

I never save a credit card number to an account, nor do I save those important accounts’ passwords, typing the damn things in every time – peck peck peck. I figured that’s the least I could do, ‘security-wise.’ For other websites, Google password manager can be my friend, like log-ins for newspaper subscriptions. Their ‘use a strong password’ suggestions are pretty rippin’.

I do not live or die by getting into the Times U.K..

See? I think about these things despite my laissez-faire attitude towards most of life.

And I am not a professional security type by employment, who are normally the ones who come up with all these onerous conditions in the interest of protecting whatever information you’ve entrusted to them.

 But much like the plumber who has a perpetually leaky sink at home, security experts and people who have real secrets to keep often seem to be the sloppiest in their own domains.

Take this earnest effort at debunking the WikiLeaks story about Clinton guru John Podesta’s password being ‘p@ssword.’

‘Oh, no, no, no!’ the article insists. That wasn’t his email password.

That was only his computer password.

Big difference!

One of WikiLeaks founder Julian Assange’s more memorable lines in his interview with Fox News host Sean Hannity is that “a 14-year-old” could have hacked the gmail account of Hillary Clinton campaign chairman John Podesta — it was the phrase Donald Trump used when he cited the Assange interview Wednesday morning to cast doubt on the U.S. intelligence community’s consensus that Russia hacked Podesta’s emails. Trump fans in the conservative media have latched on to Assange’s evidence to back up the claim: “We published several Podesta emails which shows Podesta responding to a phishing email. Now, how did they respond? Podesta gave out that his password was the word ‘password.'” It’s a good anecdote — Trump boosters ran with it:

But Podesta’s password was not “password,” according to the emails published by WikiLeaks. One stolen 2015 email from Podesta’s assistant did list “p@ssw0rd” as the login for his Windows 8 computer, but the only password tied to his gmail account was a more-respectable combination of the word “runner” and four digits. The actual way hackers broke into Podesta’s email account is bad enough — an unfortunate typo by Clinton’s tech adviser and Podesta’s decision to use the corrupt link in the phishing email instead of the legitimate one sent by Clinton tech support. There’s no need to make stuff up.

‘More respectable’ password, which was emailed to him by his assistant anyway, not that the Clinton campaign had anything to hide.

Much.

When John Podesta forgot his Apple iCloud password last spring, he asked an aide to remind him — so she emailed it to him. And that set the stage for trouble for Hillary Clinton’s campaign chairman.

First, a WikiLeaks dump last week of Podesta’s alleged Gmail messages revealed the password — “Runner4567″ — to the world. Then someone hijacked Podesta’s Twitter account, possibly using the same password, and blasted out the tweet: “I’ve switched teams. Vote Trump 2015.” The next morning, a security researcher found evidence that digital pranksters had used the password to remotely erase all the contents from Podesta’s Apple devices.

…“This one has it all,” said Joe Siegrist, CEO of the password-management company LastPass, which offers people an encrypted app to house their login credentials. “An absolutely terrible password. Assistants emailing the password. Passwords being re-used for a bunch of different sites. Pretty much all the classic mistakes that everybody who has zero care about this makes.

“When you do everything wrong, you’re bound to fail,” Siegrist added.

At least it wasn’t the ‘p@ssword’ password that caused all the trouble.

Security awareness. Lax and complacent security allows bad things to happen.

There was already trouble for the Louvre’s head of security after the brazen daylight banditry that stripped the storied French museum of priceless royal jewels. Such a position would lead one to assume a security professional was in the role, but Dominque Buffin was almost immediately accused of being a DEI hire, with the Louvre hierarchy turned into a sort of girls’ club.

The Louvre’s head of security was accused of being a diversity hire who put France’s national treasures at risk as the blame game over Sunday’s jewellery heist erupted.

On Monday, the manhunt continued for the four masked burglars who carried out the “theft of the decade” of jewellery belonging to Napoleon’s family.

French investigators said that nothing had been ruled out, including an inside job, but said the evidence was currently pointing towards organised crime.

The daring daylight raid that humiliated France has also exposed long-standing security concerns around the Louvre.

Dominique Buffin, 46, was hired as the first female security chief by Laurence Des Cars, the museum’s first female director, last September.

In 2021, Ms Des Cars had asked Paris police to do a security audit of the museum, which, inexplicably, had only recently started to be acted upon. The police had found numerous serious security issues within the building, most having to do with the aging security infrastructure itself.

…Security systems were branded old and inadequate in a report by the Court of Accounts, which is equivalent to the National Audit Office, before the raid.

The findings, which included exposing a lack of CCTV equipment in a room full of priceless artefacts, was leaked after the crown jewels were stolen.

Pierre Roseberg was the Louvre’s director the last time the museum was raided by burglars.

He warned security was “fragile” after a painting by Camille Corot was stolen in broad daylight in 1998, which was the last recorded theft at the Louvre.

Le Monde reported that Ms Des Cars addressed staff after the raid on Sunday.

Some employees booed her. Some complained that a plan to modernise museum security had recently been postponed in a strategy document for 2025-2029 and complained about a lack of resources.

Nowhere in the article is there any mention of Ms Buffin’s ‘security qualifications’ other than she had held roles ‘in the police and the French culture ministry.‘

Really? That’s…it?

The mayor of Paris Central, one Ariel Weil, seemed to sum it up pretty succinctly.

…He said: “It’s a shock… It’s been a movie script up until now. It’s hard to imagine that it’s seemingly so easy to rob the Louvre.”

Well, it’s not really such a shock now that the Paris police audit and security surveys others had done as far back as 2014 are being released. These are things which would have cost nothing to fix.

Starting with – you guessed it – passwords for the aging equipment.

THE LOUVRE PASSWORD WAS ‘LOUVRE’ – AND IT WAS GOOD

At the time of the brazen heist of $102 million in jewels from the Louvre last month, the password to the world-famous museum’s video surveillance system was simply “Louvre,” according to a museum employee with knowledge of the system. https://t.co/iHvRAWTERI pic.twitter.com/sOn0mCszzf

— ABC News (@ABC) November 6, 2025

Seriously. And both women knew.

The password for the Louvre’s video surveillance system was simply “Louvre” when thieves stole jewels worth €88 million from the museum last month, it emerged on Thursday.

The password for another security system, operated by the defence contractor Thales, was “Thales”. Some security installations were still running until recently on Windows 2000 and Windows Server 2003 although both operating systems have long been unsupported by Microsoft.

Experts warned the Louvre as early as 2014 that “trivial passwords” and “obsolete systems” left its alarms, entry controls and CCTV network open to intrusion, but little action appears to have been taken.

A police commissioner testified to the French Senate last week that the Louvre’s IT infrastructure required “urgent modernisation” and the management was “fully aware” of its vulnerability.

The lefts: We need more state

The state: pic.twitter.com/2bHTuEpnHO

— Michael A. Arouet (@MichaelAArouet) November 6, 2025

Had Ms Buffin bothered to go through the aging cache of passwords and even used Google Suggest, were the jewels still stolen, she would have been able to say, ‘I was working on it! This crap’s old, but I did what I could.’ 

But the simplest thing, and they couldn’t be bothered.

It’s going to be a joke forever.

Because setting it to “password” was not allowed, and using “admin” would have been plain reckless

— Paul van Ramesdonk (@van_Ramesdonk) November 5, 2025

*sigh* 

12345 is so classic, it should be hangin’ in the Louvre.

At HotAir, we’ve been dealing with real government suppression of free speech for YEARS. Despite the threats and consequences, we refuse to go silent and remain committed to delivering the truth.

But we can’t do it without your support.

Please help Ed, David, John, and me continue fighting back against government censorship by joining our terrific HotAir VIP community today. Use promo code POTUS47 to receive 74% off your membership.

And thank you so much again for being here with us at HotAir.