Buzzfeed reports that Jon Podesta's email was hacked with a straightforward phishing attack.
The emails, which were sent to DNC and Clinton staff appeared almost identical to the standard warnings Gmail users get asking them to reset their passwords. Once clicked, the links took users to a page that imitated a Google login page, but which was stealing their password information.
It's great to have insight into the systems that the campaign was using. Presumably by now they have better control over email.
An important point -- what are the chances the hackers also sent phishing emails to members of the Trump campaign and the RNC? Why wouldn't they. And even if the emails weren't disclosed, they could still be useful to the hackers. Think about the potential for blackmail.
Anyway, more articles like this please, translating technical reports into terms that anyone familiar with computer systems can understand.
Basically if you get an email saying "change your password and here's the URL," ignore the last part and go to the site yourself. Or you could probably just skip it, figuring that if they put the URL in the email they're probably phishing you.
Same if you get a phone call saying it's your credit card company and they ask for your password. Say I'll call you back at the number on the card.