The phrase in the New York Times story hit a lot of readers - and a lot of journalists - like a slap across the face.
Major news organizations functioned during the 2016 presidential campaign as "a de facto instrument of Russian intelligence."
It was a harsh assessment of how Russian-hacked emails were turned into news stories, but one that certainly contained an element of truth.
Later, Times reporter Amy Chozick, in her book, "Chasing Hillary," mused on the eagerness for the revelations: "I can't explain it exactly except to compare it to a fever that spread through every newsroom and made us all salivate over the tiniest morsels," Chozick wrote.
She memorably summed up her own decision-making: "I chose the byline. I always chose the byline."
The Times, of course, was far from alone in reporting on the revelations from the Democratic National Committee's internal emails. In fact, it would be hard to find a news organization that didn't publish its plentiful share.
But what about next time a foreign adversary tries to sway American politics though cyberwarfare?
Should reporters and editors refuse to publish newsworthy revelations - such as, in the 2016 hack, Democratic Party officials working to thwart Sen. Bernie Sanders in the primary? (The revelations disrupted the Democratic National Convention and forced the resignation of DNC Chairwoman Debbie Wasserman Schultz.)
Or should journalists make decisions on newsworthiness alone? What should they learn?
"The question is an important one because press amplification of the Russian-hacked content is a probable explanation for the 2016 erosion in the public perception that Hillary Clinton was qualified to be president," Kathleen Hall Jamieson, director of the Annenberg Public Policy Center at the University of Pennsylvania, wrote in a recent Boston Globe piece.
There is no perfect answer. It is, after all, not illegal for journalists to report on stolen information, and it is the press's primary job to tell the public what it can find out about what powerful people and institutions are doing.
But ethical questions abound - and top editors around the country have been grappling with them.
"One takeaway for me is that we should put as much investigative muscle into finding out the source and motivation as we do into the information itself," New York Times Executive Editor Dean Baquet told me.
"That's not always easy in the heat of the moment and the heat of competition." He said, though, that he does not regret publishing revelations from the emails because of their significant newsworthiness.
Washington Post Executive Editor Martin Baron told me, in an email, that The Post's Ellen Nakashima was the first journalist to report, in June 2016, that DNC emails had been hacked and that Russian government hackers were believed to be responsible.
After the hack, he said, The Post was selective in what it published from the available emails, and it repeatedly made clear in its stories that U.S. intelligence officials believed Russia had stolen the emails.
"Our standard was whether they contained information genuinely relevant to the public - voters in this case," Baron said.
In her Globe piece, Jamieson observes that, in general, the news media didn't do a great job of emphasizing where the revelations came from.
And she notes that the recently released Mueller report concludes that Russian intelligence officers gave reporters early access to archives of leaked files by sending links and passwords to pages on the website DCLeaks.com.
She offers a thought experiment:
What if, during the third presidential debate, moderator Chris Wallace had emphasized the source of the emails he was bringing up in a question about Clinton's supposed desire for "open borders" - perhaps like this: "My next question is based on stolen Democratic materials, whose accuracy we have been unable to verify, gotten by Russian hackers through cybertheft?"
Viewers would have been more prone to ask, she suggests, "Why would the Russians and Assange want to defeat the Democratic nominee?"
Julian Assange, who co-founded WikiLeaks - where many of the Democratic emails were first published - is known to be a Clinton antagonist, and Russian officials, we now know beyond a doubt, were working hard to help Donald Trump get elected.
BuzzFeed News has revised its standards guidelines to address hacked material, CNN's Oliver Darcy and Donie O'Sullivan reported last week.
Stories should "treat the intention of the hacker as a major part of the story," said Editor in Chief Ben Smith, and "maintain a high bar for news value."
Columbia Journalism School professor Todd Gitlin told the CNN reporters that "under no circumstances" should hacked material be used "without a clear and unmistakable provenance that can be shared with readers."
That these issues will come around again is almost inevitable. Recall that the 2014 hack of internal emails at Sony Pictures was credibly blamed on North Korea, and that little has happened to inhibit the exponential growth of cyberwarfare worldwide.
Newsrooms need to do everything in their power to be prepared to handle hacked information responsibly and thoughtfully - even in the heat of a breaking news story.
In short: Don't publish weaponized gossip. Verify relentlessly. Nail down, and emphasize, the source of the hack and its motivation. And be transparent with news consumers.
Or be prepared to become, in that dreaded phrase, "the de facto instrument" of a foreign adversary's fondest hopes.
Margaret Sullivan is The Washington Post’s media columnist. Previously, she was the New York Times public editor, and the chief editor of the Buffalo News, her hometown paper.