A rumor that several users circulated online in March 2025 claimed U.S. Secretary of Defense Pete Hegseth once owned the Russian email address phegseth@mail.ru. The Russian technology company VK owns (archived) the Mail.ru email-provider website. (The domain name extension .ru pertains to Russia.)
This rumor involved several pieces of data, all broken down in this article, including the latest chapter of rumors about Trump's association with Russian interests, the Mail.ru email address, information and passwords provided in past data breaches, a Princeton University email address matching Hegseth's first initial and last name, and the details of a Mail.ru user agreement.
As of this writing, we were unable to locate enough evidence to conclusively link the Russian email address to the defense secretary. The Ukrainian publication Kyiv Post also extensively reported the facts of this matter.
A White House spokesperson told Snopes by email, regarding the rumor, "That is fake." The Defense Department, Princeton University and VK did not yet respond to emails asking various questions that might yield more facts.
Breaking down the Hegseth-Russia email rumor
On March 27, the German publication Der Spiegel reported a new development regarding the controversy of high-level members of U.S. President Donald Trump's administration, including Hegseth, using the Signal messaging app to discuss detailed plans to strike Houthi rebel targets in Yemen. The attack occurred on March 15. Der Spielgel published, "Now, reporting by DER SPIEGEL has found that the contact data of some of those officials, including mobile phone numbers, is freely accessible on the internet."
The Atlantic's editor-in-chief, Jeffrey Goldberg, first reported the news of the Signal messages on March 24, after a member of the chat group accidentally added him to the highly-sensitive conversations. Two days following its initial reporting, The Atlantic published the messages from the chat group after Hegseth and other Trump administration officials attempted to discredit both Goldberg and his reporting, and after attempts to downplay the sensitive nature of the exchanges.
Pekka Kallioniemi, whom the International Centre for Defence and Security in Estonia credits as an expert on social media and disinformation, posted (archived) on X of Der Spiegel's reporting, "Interesting article about how the Trump administration's security advisors' mobile numbers, emails, and passwords can be found in commercial databases and publicly available leaks." He then added, "My question is, why does Pete Hegseth have a Russian email address?" His post featured a screenshot of the email address phegseth@mail.ru with a blacked-out password.
In another X user's post (archived), they remarked that, upon attempting to initiate a recovery of the account, Mail.ru displayed a partially obscured phone number with the +7 Russian country calling code, and ending in "83." They said, "The email is linked to a Russian phone number (+7) and a Proton inbox. Concerning. Looking into this."
They also added (archived) that, according to the LeakPeek data breach search engine, the email address displayed the same password as phegseth@alumni.princeton.edu. Hegseth graduated from Princeton University in 2003, and "@alumni.princeton.edu" is an authentic (archived) email suffix for the institution. (One user noted the purported password matched some publicly available information pertaining to the initials and birth year for Hegseth's first wife.)
Hours following Kallioniemi's post and minutes after the other user's posts, another user named Timofey V, whose X bio credited him as a member of the Global Fact-Checking Network, posted (archived) he had just registered the email address phegseth@mail.ru earlier on the same day, meaning it was available and not taken. His registration of the email address suggested that other users reporting about ties to a Russian phone number referenced the one Timofey V used to create the account just hours earlier. He told us in a direct message on X, "The one ending with 83 is mine."
Timofey V, credited on his own website as a Russian international expert on anti-crisis communications and countering disinformation, confirmed with evidence in a message to Snopes — from phegseth@mail.ru — that he owned the email address.
Searches of BreachDirectory, also a data breach search engine, identified both phegseth@mail.ru and phegseth@alumni.princeton.edu as appearing in the Exploit.In data breach. The October 2016 hacking incident purportedly affected the data of 593 million people.
Kallioniemi made note (archived) of the data breach materials showing the matching passwords. He wrote he believed Timofey V's new registration of the account indicated either that "the account was deleted by the owner or scrapped by the service," or that "the data itself is garbage, red herring, and it was added there by someone as a decoy." In a direct message on X, he said he would comment further about the matter on a later date.
Assuming for a moment the authenticity of the 2016 data breach information, the observed password correlation potentially suggested an individual named P. Hegseth owned both email addresses at some point during or before 2016. This purported association theoretically could have persisted until the Mail.ru account was either deleted by the user or terminated by the email provider, potentially due to inactivity or other reasons, enabling Timofey V to register the same email address in March 2025. Or would it?
Mail.ru's page (archived) titled "User Agreement for the Mail service" specifically states in Section 5.4 that the email provider does not allow a second registration of an email address, even past a five-year period pertaining to a similar policy. The agreement reads, "The Service does not provide for the possibility of re-registering an electronic mailbox with a similar unique name, including after the expiration of the period specified in this paragraph." This policy suggested Hegseth never owned the Mail.ru email address.
'Be a bit wary'
Aric Toler, a reporter for The New York Times' visual investigations team, expressed caution about the rumor in a thread on X. Toler posted (archived), in part, "Be a bit wary of these claims of Hegseth having a secret Russian email. I've ran into ghost mail.ru and rambler.ru accounts made with usernames and passwords previously found in data leaks." He also added (archived) that the phegseth@mail.ru email address displayed in a list that "auto-populates ghost email addresses with previously leaked credentials," for example potentially drawing the information from the Princeton email address to create the Mail.ru account, even if it never existed.
Snopes attempted to conduct an experiment in creating a Mail.ru account, deleting it entirely and then attempting to create the same email address a second time. However, Mail.ru failed to successfully delete the test account, even though the website displayed messages indicating a successful removal, thus not allowing us to complete the test.
This article will receive updates should any further correspondence or facts come our way.
For further reading, we have also broken down the story about Trump administration officials using a Signal group chat that included Goldberg to discuss the strikes in Yemen.