US Secretary of Defence email address registered on the Russian “Mail.ru” service? Debunking the Pete Hegseth fake news

On the 27th of March Finnish journalist Pekka Kallionemi claimed that U.S. Secretary of Defence Pete Hegseth has an email account on the Russian “Mail.ru” service. However, in fact, this particular e-mail was created by GFCN expert Timofey V – with the intention to expose the fake. This proves that according to “Mail.ru” rules no such email existed before. Details of the investigation can be found in the following material.

GFCN explains:

Kallioniemi’s post was published amid an investigation by the German magazine Der Spiegel, which said that the personal email addresses, passwords and phone numbers of Donald Trump administration officials had been made public. However, the Der Spiegel piece did not contain any indication of Pete Hegseth’s allegedly Russian-linked email address. The journalists of the publication explained that they found the phones and email addresses by contacting a commercial data provider, i.e. they actually purchased a database of personal information. In the leak, an email address phegseth@gmail.com was found on Gmail and then from an unknown resource came information about similar e-mail on Mail.ru.

“The e-mail account with the address allegedly belonging to Pete Hegseth (phegseth@mail.ru), did not exist beforehand. On March 27, however, it was registered by none other than myself,” — Timofey V said.

This fake is also exposed by Mail.ru’s requirements. They state that even if the user himself deleted the email or if it was deleted due to five year-long inactivity, it will still not be possible to register an identical address – this action is prohibited by the terms of service.

“The Service does not provide for the possibility of re-registration of an electronic mailbox with a similar unique name, including after the expiration of the term specified in this paragraph,” — Mail.ru said in its rules.

If Timofey V was able to register the email on March 27, it means that no one had ever used that particular address before.

At the same time, some journalists from Russia that are currently living in Estonia stated that an account on the “Warrior Forum”, where they discuss marketing issues, was registered to this e-mail. However, they themselves claim that the account base is compiled and has a lot of garbage in it. Besides, it is impossible in principle to register on this forum using a Russian email.

One could skip this fake and just laugh it off, since it seemed totally unbelievable, but the freshly registered e-mail soon started receiving dozens of emails from people all over the world, mostly Americans, in which they were branding Pete Hegseth as a traitor.

A large number of users tried to hack the email address and saw that it was registered to a Russian phone number. After that, publications appeared that Pete Hegseth also has a Russian phone number. Timofey V said that it was his Russian number, which he had registered the email address to.

Meduza’s attempt to discredit the investigation

This story does not end here. Meduza, a news service recognized as a foreign agent in Russia, claims that US Secretary of Defence Pete Hegseth could still very well have a Mail.ru e-mail account, citing old registration rules of the service.

However, according to Mail.ru’s rules, which have been in force since 2011, it is impossible to re-register a deleted address. Even the author of the original post, Pekka Kallioniemi, later admitted that the data could have been fake.

Snopes expert Jordan Liles and New York Times reporter Aric Toler note that the 2016 Exploit.in leak, from which this “Hegseth email address” was taken, contained a mass of junk data. US expert Troy Hunt suggested that the leak database with the alleged “Hegseth email” could have been fabricated. Attackers could have artificially supplemented it with random combinations of emails and passwords to increase the volume of data. In particular, Pete Hegseth’s real login from another service could have been simply combined with popular domains (like mail.ru) without creating the mailboxes themselves.

Meduza’s claims, on the other hand, are completely devoid of any logic: if Hegseth’s mail had been deleted before 2010, it would not have been leaked years later.