The Iranian-linked hacker group Handala has leaked the private communications of Robert Malley, who was President Barack Obama’s lead negotiator on the 2015 Iran nuclear deal.
In a post to its website on Saturday, Handala shared what it claims are 150,000 emails and thousands of private chats from Malley’s X account.
“These leaks deliver a devastating blow to the so-called security of America and its network of allies,” the hackers wrote.
While Malley is best known for his involvement in the Iran nuclear deal, known officially as the Joint Comprehensive Plan of Action, Handala’s remarks were focused on his role as U.S. special envoy to Iran under President Joe Biden. The hacker group called him “the chief architect of criminal sanctions against the Iranian people.”
Use of Gmail account investigated
The nonprofit leak archiver DDoSecrets, which has been analyzing the dataset, told Straight Arrow that the total email count from Malley’s Gmail inbox appears to be closer to 675,000. Of those, DDoSecrets said, more than 175,000 are duplicates.
Malley’s use of the Gmail account has been the focus of investigations by the State Department and the FBI.
Politico reported in 2024 that the FBI was investigating whether Malley moved classified information to his personal email account, “where it may have fallen into the hands of a foreign actor,” such as Iran.
The State Department suspended Malley’s security clearance in 2023 and also investigated whether he mishandled classified material. Malley said in September 2025 that the investigations had concluded. No charges were filed.
The leaked emails, which range from 2008 to late February of this year, detail numerous aspects of Malley’s career in both the public and private sectors. They include communications with his lawyers about the FBI and State Department investigations.
At least one email viewed by Straight Arrow appears to reference negotiations for the nuclear deal prior to its finalization in July 2015. The message was sent by a member of an American think tank in September 2014 and it remains unclear whether it actually contains classified information.
“Iran doubts the admin can resist a combination of Israeli pressure and Congressional opposition on the nuclear front,” the email says. “Plan B is being devised to run the Iranian economy for the next four years. Rohani is downplaying the prospects of a nuclear deal in an effort to make a second term possible.”
Malley, who was placed on indefinite leave without pay before being replaced by Abram Paley as acting special envoy for Iran in March 2023, has denied any wrongdoing.
Malley did not respond to a message from Straight Arrow left on his X account.
The data cache also contains 223 screenshots of private message threads from X. The messages range from 2017 to February 2026 and largely involve conversations with journalists and academics.
‘Do not write password’
Exactly how Malley’s Gmail and X accounts were breached is not clear.
In one email from 2017, however, Malley was asked to share his Twitter password. An employee at the non-profit organization known as the International Crisis Group, where Malley previously served as CEO and President, asked for the password “as one word in a new email” in an apparent attempt to conceal its significance.
“Do not write password in the subject or email body,” the employee wrote.
The leak is the latest in a string of attacks by Handala, which last week published what it claimed to be the names and phone numbers of thousands of U.S. military personnel stationed in the Middle East.
In March, the hackers also published more than 300 emails from the personal Gmail inbox of FBI Director Kash Patel.