Podesta wasn’t hacked because he used a bad password. His email was breached because hackers sent a spear phishing email pretending to be Google asking for his credentials because, according to the fake email, he had already been hacked. It’s a common tactic of hackers to create emotional urgency during an attack. Ironic as it is, pretending you’ve already been hacked is a common tactic because it can push people to quickly click malicious links without thinking through or checking the consequences.
