Hillary Clinton's campaign staff encouraged their campaign chief to comply with instructions sent to him by hackers posing as Google, emails published by WikiLeaks revealed, likely resulting in a breach of his account.
The exchange began after 4:00 a.m. Eastern time on March 19 when campaign chairman John Podesta received an email warning him that hackers were in possession of credentials for his Gmail account. "Sоmeоne has your passwоrd," the subject said. The email claimed someone using a Ukraine-based Internet address had attempted to sign into his account, but that the login was flagged as suspicious and blocked.
The email ended up in the hands of campaign staff, including tech aide Charles Delavan, who responded six hours later.
"This is a legitimate email. John needs to change his password immediately, and ensure that two-factor authentication is turned on his account," Delavan noted in his message to Sara Latham, Podesta's chief of staff, and Shane Hable, the campaign's top tech officer.
Latham replied to the thread around noon, "The gmail one is REAL … can you change — does [Podesta] have the 2 step verification or do we need to do with him on the phone?" Latham asked, referring to the optional method of asking a user to verify their identity after entering their password.
The only problem: The email included a "Bitly" link to reset Podesta's password. The link shortening service is a popular method used by hackers who engage in phishing schemes. The exchange indicates Clinton's team encouraged Podesta to enter his credentials and send them to the hackers behind the email.
The exchange was included in the trove of more than 35,000 emails obtained from Podesta's Gmail account and published by WikiLeaks. It has been observed that emails published by WikiLeaks have not been dated later than March 21, two days after the exchange about changing passwords took place, indicating the WikiLeaks emails were probably obtained as a result of an attack that took place around the time Podesta's team was talking about creating a new password.
The Obama administration this month issued a statement loosely attributing some documents obtained by WikiLeaks to breaches connected to the Russian government. Groups tied to the Russian military and FSB, respectively known as Fancy Bear and Cozy Bear, have been traced to breaches of the Democratic Party and affiliated organizations.
WikiLeaks has expressed plans to publish as many as 50,000 of Podesta's emails before the election, and hinted that it holds additional documents yet to be announced.