In 2015, a team of Russian-affiliated hackers began to target prominent Democrats. One phishing email in particular went to John Podesta, chairman of Hillary Clinton’s presidential campaign
“Someone just used your password to try to sign into your Google account,” the message said, adding that the sign-in attempt had occurred in Ukraine. “Google stopped this sign-in attempt. You should change your password immediately.”
Given how many emails Podesta received through this personal email account, several aides also had access to it. One of them sent the email to a computer technician to make sure it was legitimate before anyone clicked on the “change password” button.
“This is a legitimate email,” Charles Delavan, a Clinton campaign aide, replied. “John needs to change his password immediately.”
With the subsequent click, a decade of emails that Podesta maintained in his Gmail account were unlocked for the Russian hackers.
In an interview, Delavan said that his bad advice was a result of a typo: He said he had meant to type that it was an “illegitimate” email, an error that he said has plagued him ever since.
Addendum (1/2/2017): Now, Delavan claims he didn’t meant to type “illegitimate”; he meant to type “not a legitimate.”
