Stand up for facts and support PolitiFact.
Now is your chance to go on the record as supporting trusted, factual information by joining PolitiFact’s Truth Squad. Contributions or gifts to PolitiFact, which is part of the 501(c)(3) nonprofit Poynter Institute, are tax deductible.
I would like to contribute
It’s known that John Podesta, Hillary Clinton’s campaign chairman, was tricked into giving his email password to hackers believed to have Russian ties.
But now a rumor is spreading that his email password wasn’t much of a secret at all. It was simply "password."
"What happened was John Podesta gave his password to a hacker. And guess what his password was. 'Password,' " said Fox News' Jesse Watters on Jan. 4. "It’s a true story. His password was ‘password.’ "
That’d be funny, if it were true. The thing is, there’s no material evidence to support the claim that Podesta violated a very basic tenet of Internet safety.
None shall pass
The first person to say that Podesta’s email password was "password" was Julian Assange, whose website WikiLeaks published the emails stolen from Podesta.
"We published several Podesta emails, which show Podesta responding to a phishing email," Assange said on Fox Jan. 3. "Now, how did they respond? Podesta gave out that his password was the word ‘password.’ "
"So this is something a 14-year-old kid could have hacked," Assange added.
We don’t know where Assange’s claim comes from. None of the emails published on WikiLeaks show Podesta’s email password. And of the cyber analysts examining the phishing emails used to infiltrate Podesta’s and others’ accounts, none have made similar claims.
Further, Podesta was using a Gmail account, and Google doesn’t allow users to make their passwords "password."
Go try for yourself. We did:
Perhaps Assange is thinking of a February 2015 email in the WikiLeaks dump. In that email, a staffer tells Podesta that his Windows 8 login on what appears to be a new work computer is username: jpodesta and password: [email protected]rd.
Interestingly, in another email sent in May 2015, the same staffer tells Podesta his Apple ID password: Runner4567.
So we have two of Podesta’s passwords, but neither are for his email account.
In fairness to Assange, Watters and others pushing the email password claim: Both of these passwords are far too simple to be effective. So it’s possible Podesta similarly made his email password overly simplistic.
But we don’t know that for sure, and we surely don’t know if his email password was just "password."
Pro tip: If you don’t want to end up like Podesta, check out this guide to protecting yourself online, written by cyber crime expert Marc Goodman.
Watters said Podesta’s email password was "password."
There is no material evidence to back up this claim. Google doesn’t even allow Gmail users to make their password "password."
We know from the stolen Podesta emails published on WikiLeaks that he used a Windows 8 login that had the password "[email protected]" But that’s not for his email account.
We rate this claim False.
Fox News, "Outnumbered," Jan. 4, 2016
Fox News, "Hannity," Jan. 3, 2016
Twitter, tweetstorm by cybersecurity consultant Matt Tait, Jan. 4, 2016
WikiLeaks, Podesta email dump, accessed Jan. 5, 2016
Goldberg Segalla Data Privacy Blog, "Lessons in Cyber-Hygiene: How John Podesta was Caught by Phishing," Oct. 20, 2016
Vice Motherboard, "How Hackers Broke Into John Podesta and Colin Powell’s Gmail Accounts," Oct. 20, 2016
Read About Our Process
In a world of wild talk and fake news, help us stand up for the facts.