'It only takes one email': 3 reasons why China reading Obama administration private emails is even worse than it seems
What the Chinese found in the private email accounts of top US officials - vacation plans, notes to friends, and other everyday correspondences that pass through personal inboxes - likely bordered on the mundane.
But the fact that the hackers were able to breach the accounts in the first place and the potential fallout make it clear that the breach shouldn't be taken lightly.
Here are 3 reasons why:
Administration officials are falling for phishing attempts
The email breach shows that government employees are still the administration's weakest link in terms of cybersecurity.
At the highly technical Infiltrate hacking conference, a professional penetration tester for a major company in Silicon Valley told Business Insider that the easiest way to infiltrate a system is to bait an employee into clicking on an infected link in a seemingly innocuous email.
"People love to click on that blue line," Ray Boisvert, a veteran of Canada's intelligence services, told Business Insider at the conference.
From there, the hacker for hire can acquire the employee's username, passwords, and other sensitive information - which can lead a hacker into the larger system.
This tactic, known as "phishing," can be executed by unskilled scammers. When executed by a professional, however, phishing becomes a highly targeted tool that can trick even the savviest employees, let alone administration officials in their 50's and 60's whose work has only recently transitioned into the cyber realm.
Even if an individual has been trained by his or her agency to identify and avoid phishing scams, one cybersecurity course will not be enough to make that person change his or her behavior in the long run, especially if it's their personal email and their guard is down, cybersecurity expert Joe Loomis of Cybersponse told Business Insider.
"Statistically, if employees are not retrained to avoid phishing scams within 90 days, they start to click [on the malicious links] again," Loomis said, citing data provided by the cybersecurity company Phishbite.
Hackers may have access to far more than just email accounts
Moreover, by unknowingly clicking on malicious links in emails, officials likely gave hackers access to far more than just the contents of their inboxes.
The information that can be gleaned from someone's personal inbox goes beyond the mundane correspondences that often fill it, Loomis noted, especially when you have that person's passwords and, consequently, the keys to unlocking other areas of their digital lives.
"And it only takes one email to compromise the entire computer," he said. "These hackers cast a very wide net when choosing who to target, so that ultimately it becomes like shooting fish in a barrel."
"It's better to assume they've gotten a lot of intelligence this way than to say they haven't been successful," he added.
A political nightmare for Hillary, even if her private emails were secure
"Even if Clinton did nothing wrong, she'll be guilty by association at this point," Loomis said. "It's a political nightmare."