Podesta’s iPhone reportedly wiped within hours of his Twitter account being hacked.
Unconfirmed evidence builds a strong case that an Apple iCloud account belonging to Hillary Clinton’s campaign chief, John Podesta, was accessed and possibly erased by hackers less than 12 hours after his password was published on WikiLeaks.
So far, Clinton campaign officials have confirmed only the compromise of Podesta’s Twitter account after it was used to urge followers to vote for Republican nominee Donald Trump. Several screenshots circulating online, however, strongly suggest that the iCloud account tied to Podesta’s iPhone was also illegally accessed by people who tried—and possibly succeeded—to wipe the device of all its data. The images raise the specter that no one inside the Clinton campaign locked down the Podesta iCloud account in the hours following the WikiLeaks dump. iCloud accounts often provide a wealth of sensitive information, including real-time whereabouts, contacts, and confidential messages. Clinton officials didn’t respond to an e-mail seeking comment for this post.
The screenshots began appearing on Wednesday night, less than 12 hours after a new batch of Podesta e-mails published on WikiLeaks revealed that his iCloud password was “Runner4567.” Researchers can’t be certain how the iCloud and Twitter accounts were compromised, but several descriptions, such as this one of now-deleted threads on the 4chan discussion board, claim participants who saw the WikiLeaks post discovered that “Runner4567” remained a working password and used it to illegally access Podesta’s iCloud account.
Around the same time, Podesta’s verified Twitter account issued a tweet that said, “I’ve switched teams. Vote Trump 2016. Hi pol.” The message was soon deleted, and the Clinton campaign admitted that it had been posted by someone who managed to take over the account. “Pol” is a reference to one of the 4chan boards where members were actively discussing the hijackings of Podesta’s accounts.
Researchers are speculating that Podesta’s Twitter account may have been protected by the same weak password that was disclosed in the WikiLeaks dump. Another possibility is that the password reset feature for Podesta’s Twitter account was linked to his iCloud account and was activated once the iCloud account was hijacked. Participants in the 4chan discussions also published screenshots that purported to show an Outlook account belonging to Podesta being taken over, but Matt Tait, an independent researcher who posts under the Twitter handle Pwn All The Things, said he is less confident in the authenticity of those images.
“Those are the only two that I know for certain have been compromised by random people on the Internet,” Tait told Ars, referring to the iCloud and Twitter accounts belonging to Podesta. “There may be other accounts that have also been compromised, but there’s not enough evidence to corroborate the pictures thus far.”