clock menu more-arrow no yes mobile

Filed under:

A single typo may have given Russian hackers access to the Clinton campaign chair’s emails


Hillary Clinton at a cognressional hearing. Saul Loeb/AFP via Getty Images

Did a typo really help cause the Clinton campaign’s loss in 2016? A new report in the New York Times looks at how Russian hackers and WikiLeaks got access to campaign chair John Podesta’s emails, leading to months of negative coverage surrounding the contents of the emails — which, in a super-close election, may have been the last straw for the Clinton campaign.

The Times found that all of this may be blamed on a freaking typo (emphasis added):

Hundreds of similar phishing emails were being sent to American political targets, including an identical email sent on March 19 to Mr. Podesta, chairman of the Clinton campaign. Given how many emails Mr. Podesta received through this personal email account, several aides also had access to it, and one of them noticed the warning email, sending it to a computer technician to make sure it was legitimate before anyone clicked on the "change password" button.

"This is a legitimate email," Charles Delavan, a Clinton campaign aide, replied to another of Mr. Podesta’s aides, who had noticed the alert. "John needs to change his password immediately."

With another click, a decade of emails that Mr. Podesta maintained in his Gmail account — a total of about 60,000 — were unlocked for the Russian hackers. Mr. Delavan, in an interview, said that his bad advice was a result of a typo: He knew this was a phishing attack, as the campaign was getting dozens of them. He said he had meant to type that it was an "illegitimate" email, an error that he said has plagued him ever since.

If this is true (it’s possible Delavan is just trying to cover himself), this means that a single typo may have led Podesta’s staff to click a phishing link that handed over his password to Russian agents who hacked Podesta’s email and then handed over the emails to WikiLeaks.

So there you have it, folks. Cybersecurity is important. Put two-factor authentication on your email, Facebook account, Slack information, and whatever else you can. Don’t click on any links unless you really trust the source — and even then, don’t click on anything that asks you to change your password (just go through the official account settings page instead if you need to) or hand over private information.

For more tips on staying safe on the internet, read Tara Golshan’s great explainer on Vox.

Watch: It’s now on America’s institutions — and Republicans — to check Donald Trump

Sign up for the newsletter Sign up for Vox Recommends

Get curated picks of the best Vox journalism to read, watch, and listen to every week, from our editors.