On Tuesday, Guccifer 2.0—the same hacker that previously broke into the Democratic National Committee's servers—posted data that purportedly show evidence of corruption and malfeasance at the Clinton Foundation. Just a few days later, security experts agree that the hack appears to be a hoax. But that doesn't mean it didn't still do damage. Those early reports alone are enough to build on the uncertainty and disillusionment that has plagued the 2016 United States presidential election.

In a blog post on Tuesday, Guccifer 2.0, whom security analysts have tied to Russian interests, published documents allegedly obtained from the Clinton Foundation's servers. The post reads, "Many of you have been waiting for this, some even asked me to do it. So, this is the moment. I hacked the Clinton Foundation server and downloaded hundreds of thousands of docs and donors’ databases."

But as security researchers and journalists reviewed the leak, questions emerged about the validity of the data. And Clinton Foundation president Donna Shalala quickly denied the intrusion. "No notification by law enforcement, and none of the files or folders shown are ours," she tweeted.

While news outlets did widely report this second wave of information casting doubt on the incident, the damage had been done. The hack didn't have to be real to sow more mistrust in the integrity of the 2016 election, especially among those already inclined toward Hillary Clinton conspiracy theories.

"Regardless of whether the latest documents are legitimate or not, a major determinant of conspiracy theory belief is how people perceive the alleged conspirators—are they seen as moral or immoral?" Michael Wood, who studies the psychology of conspiracy theories at the University of Winchester, wrote to WIRED. "Even before [the hack hoax] Clinton had a lot of suspicions floating around about her, so it's no surprise that Clinton conspiracy theories are generally popular."

And while mainstream news organizations refuted the hacks, it found plenty of traction on social media and ultra-conservative websites. Here's one representative tweet:

Adding to the confusion, the most recent Guccifer 2.0 leak appears to contain mostly real data, just not from the Clinton Foundation. Instead, it seems to come from previously disclosed hacks of the Democratic National Committee (DNC) and the Democratic Congressional Campaign Committee (DCCC). That redundancy isn't enough to dissuade the true believers; they interpret it as proof that the Clinton Foundation is an arm of the Democratic Party.

The supposed leaked documents also seem to combine some information that is public record, and some that's just made up. One irresistible parcel from the dump is a folder titled "Pay to Play," which appears to tie corporate donations to politicians with legislation that benefited those corporations. The files look like Democratic opposition research against Republican politicians, and their metadata shows that they are from the DCCC, but the "Pay to Play" folder in which they sit could have easily been fabricated.

Though there are a lot of unknowns about Guccifer 2.0—whether the persona represents a lone attacker, a state-sponsored Russian hacking group, or something else—the entity has successfully revealed enough meaningful data to gain credibility. That's crucial to sowing confusion, according to Ben Johnson, a co-founder of the security firm Carbon Black who formerly worked as a security engineer at the NSA.

"One valid hack gives you incredible power, especially when you’re anonymous and attribution is very difficult. You hack one company or one organization legitimately and you have credibility," he says. "You could insert documents that are fake to really slant opinion one way or another, especially when it’s a political issue. But once you’ve shown that you were in someone else’s environment, someone else’s network, you really have this tremendous power to influence public opinion."

The stunt was also presumably very low cost for Guccifer 2.0, since it seems to have simply recycled data from past leaks. So if the goal was to mislead or generate political uncertainty, even a modest impact would be considered a good return on investment.

"The same pattern seems to be going on in each of these instances where there’s initial reporting and then the truth sort of comes out a little while later," says Joseph Uscinski, a political scientist at the University of Miami who studies U.S. media and conspiracy theories. "But it's hard to discern what the truth is, and even when it gets reported it’s not as impactful as the not-truth."

In an electoral season where the truth gets so casually dismissed, a little disinformation goes a long way.