A single typo may have given Russian hackers access to the Clinton campaign chair’s emails

Did a typo really help cause the Clinton campaign’s loss in 2016? A new report in the New York Times looks at how Russian hackers and WikiLeaks got access to campaign chair John Podesta’s emails, leading to months of negative coverage surrounding the contents of the emails — which, in a super-close election, may have been the last straw for the Clinton campaign.

The Times found that all of this may be blamed on a freaking typo (emphasis added):

Hundreds of similar phishing emails were being sent to American political targets, including an identical email sent on March 19 to Mr. Podesta, chairman of the Clinton campaign. Given how many emails Mr. Podesta received through this personal email account, several aides also had access to it, and one of them noticed the warning email, sending it to a computer technician to make sure it was legitimate before anyone clicked on the "change password" button.

"This is a legitimate email," Charles Delavan, a Clinton campaign aide, replied to another of Mr. Podesta’s aides, who had noticed the alert. "John needs to change his password immediately."

With another click, a decade of emails that Mr. Podesta maintained in his Gmail account — a total of about 60,000 — were unlocked for the Russian hackers. Mr. Delavan, in an interview, said that his bad advice was a result of a typo: He knew this was a phishing attack, as the campaign was getting dozens of them. He said he had meant to type that it was an "illegitimate" email, an error that he said has plagued him ever since.

If this is true (it’s possible Delavan is just trying to cover himself), this means that a single typo may have led Podesta’s staff to click a phishing link that handed over his password to Russian agents who hacked Podesta’s email and then handed over the emails to WikiLeaks.

So there you have it, folks. Cybersecurity is important. Put two-factor authentication on your email, Facebook account, Slack information, and whatever else you can. Don’t click on any links unless you really trust the source — and even then, don’t click on anything that asks you to change your password (just go through the official account settings page instead if you need to) or hand over private information.

For more tips on staying safe on the internet, read Tara Golshan’s great explainer on Vox.

Watch: It’s now on America’s institutions — and Republicans — to check Donald Trump

We're here to shed some clarity

One of our core beliefs here at Vox is that everyone needs and deserves access to the information that helps them understand the world, regardless of whether they can pay for a subscription. With the 2024 election on the horizon, more people are turning to us for clear and balanced explanations of the issues and policies at stake. We’re so grateful that we’re on track to hit 85,000 contributions to the Vox Contributions program before the end of the year, which in turn helps us keep this work free. We need to add 2,500 contributions this month to hit that goal. Will you make a contribution today to help us hit this goal and support our policy coverage? Any amount helps.

One-Time Monthly Annual

$5/month

$10/month

$25/month

$50/month

Other

$

Yes, I'll give $5/month

Yes, I'll give $5/month

We accept credit card, Apple Pay, and Google Pay. You can also contribute via