Weak Cybersecurity Leaves Vatican Exposed to Serious Digital Threats
A cybersecurity specialist has warned that the Vatican remains dangerously vulnerable to hackers, with outdated systems, weak passwords, and minimal protection against daily digital attacks. According to his assessment, many of the Holy See’s online operations still prioritize evangelisation over security, leaving critical infrastructure exposed.
Joseph Shenouda, a cybersecurity expert based in the Netherlands, told the Dutch newspaper Nederlands Dagblad that some Vatican websites continue to rely on extremely weak passwords such as “welcome123,” while other systems have not been updated for years. He described the digital environment of the Holy See as so poorly protected that sophisticated hackers can gain access with ease.
Shenouda even claimed that the level of vulnerability is so high that outsiders could watch Pope Leo XIV using his tablet during a private video call with his brother in Chicago. He added that some Vatican network addresses have been used to view inappropriate content online, a discovery he said was both alarming and irresponsible.
According to Shenouda, the Vatican receives phishing attempts every day, yet often does little to respond. He explained that whenever the Pope comments on sensitive geopolitical issues, such as the war in Ukraine, there is an immediate spike in cyberattacks aimed at disrupting communications or stealing information.
He also described an attempted intrusion by a Chinese hacking group that tried to infiltrate the Vatican’s email system at a time when Church officials were engaged in sensitive negotiations with Beijing regarding the appointment of bishops. The expert noted that several Vatican employee email addresses have already appeared for sale on the dark web.
Shenouda, a Coptic Orthodox Christian living near Eindhoven, said Vatican officials acknowledge their weaknesses but admit they do not have the technical expertise required to properly address them. He explained that the Church’s digital priorities have long focused on outreach and evangelisation rather than security, leaving fundamental protections neglected. Even in St Peter’s Square, investigators have detected fake WiFi routers set up to capture data from pilgrims and visitors.
“We are talking about a state with ministries and diplomats that does not have its digital security in order,” Shenouda said. He added that the level of vulnerability is so consistent that he is no longer surprised by what he discovers. “In Rome, it just does not seem to sink in that they need to wake up.”
After first identifying major weaknesses in 2022, Shenouda founded a volunteer group called Vatican Cyber Volunteers. The initiative has grown to include more than one hundred cybersecurity specialists across multiple countries. These volunteers collect information about vulnerabilities and compile periodic reports for the Vatican’s Dicastery for Communications.
Shenouda believes the Holy See must take greater responsibility and appoint a dedicated information security officer. While volunteers provide assistance with good intentions, he stressed that long-term protection requires the Vatican to strengthen its own internal cybersecurity capacity.