Hackers Hijack Many New Company Accounts With Domain Names On Squarespace



Introduction

More than one dozen firms with domain names found across Squarespace witnessed their websites get hijacked recently. This incident highlights a critical flaw in domain security that needs immediate attention. Domain security is paramount as it protects the online identity and assets of businesses.

Background

In June of last year, Squarespace acquired assets belonging to Google Domains, encompassing nearly 10 million domain names. The acquisition aimed to streamline services and provide a unified platform for domain management. However, the migration process left several vulnerabilities exposed.

The Hijacking Incident

The domain hijacking incident lasted from July 9th to 12th, primarily targeting crypto-themed entities such as Celer Network and Pendle Finance. During this period, malicious hackers took advantage of the migration process's loopholes, leading to significant security breaches.

How the Hijacking Occurred

Hackers exploited a flaw in the migration process that allowed them to supply email IDs linked to a domain that was still under registration. Without proper email validation, attackers could easily create accounts linked to these domains, bypassing the need for passwords initially set by legitimate users.

Impact on Crypto-Themed Entities

The hijacking primarily affected crypto-themed entities, which are lucrative targets due to the substantial funds involved. Companies like Celer Network and Pendle Finance faced potential financial losses as their domain names were compromised, putting their users at risk.

Redirecting to Phishing Sites

Once the attackers gained control of the domains, they redirected them to phishing sites designed to steal crypto funds from visitors. This method is particularly dangerous as it exploits the trust users place in these platforms, leading to significant financial losses.

Squarespace's Response

In the wake of the incident, Squarespace opted to remain silent initially, offering no comments or statements regarding the attack. However, the company has since taken steps to address the vulnerabilities and prevent future incidents.

Expert Analysis

Cybersecurity experts have analyzed the incident, highlighting the flaws in Squarespace's migration process. The assumption that users would opt for 'Continue with Apple or Google' over 'Continue with email' proved to be a critical oversight.

Metamask's Insight

The head of Metamask explained how Squarespace never anticipated threat actors signing up for accounts linked to newly migrated domains before the legitimate email holders did. This oversight allowed attackers to exploit the system and hijack the domains.

Lack of Domain Activity Insights

One major concern is the absence of activity insights or audit logs for domains managed by Squarespace. Without these logs, it's challenging to detect and respond to unauthorized actions, making domains vulnerable to hijacking without any alerts being sent.

Further Exploitation Risks

The lack of robust security measures means that future exploitation risks remain high. It's crucial for Squarespace and other domain management platforms to implement stricter security protocols to safeguard their users' assets.

Steps for Affected Users

For users affected by the hijacking, immediate actions include enabling two-factor authentication, reviewing and removing unnecessary contributor accounts, and reverting unauthorized changes. Long-term security practices should involve regular monitoring of domain activity and employing strong, unique passwords.

Preventing Future Attacks

To prevent future attacks, Squarespace must improve its security measures, including mandatory email validation and comprehensive audit logs. Users should also be vigilant and proactive in securing their domains, using robust security tools and practices.

Conclusion

The recent domain hijacking incident at Squarespace serves as a stark reminder of the importance of domain security. By addressing the vulnerabilities and implementing stronger security measures, both Squarespace and its users can better protect their online assets and identities.

FAQs

How did the hackers exploit the flaw?

Hackers exploited a flaw in the migration process by supplying email IDs linked to domains that were still under registration, allowing them to create accounts without proper validation.

Which companies were most affected?

Crypto-themed entities like Celer Network and Pendle Finance were among the most affected, facing potential financial losses due to the hijacking.

What steps should users take now?

Affected users should enable two-factor authentication, review and remove unnecessary contributor accounts, revert unauthorized changes, and regularly monitor their domain activity.

How can future domain hijackings be prevented?

Future hijackings can be prevented by implementing stricter security measures, such as mandatory email validation, comprehensive audit logs, and robust monitoring tools.

What changes has Squarespace implemented post-attack?

Squarespace has started disallowing the creation of new accounts using only an email address and is likely working on further security enhancements to prevent similar incidents in the future.

Tags: Hackers Hijack Company Accounts, Squarespace Domain Hijacking, Cybersecurity Incident, Crypto-Themed Entities, Domain Security Flaws, Google Domains Acquisition, Phishing Attacks, Domain Migration Vulnerabilities, Email Validation Issues, Cybersecurity Measures, Two-Factor Authentication, Domain Management Security, Squarespace Response, Protecting Online Assets, Cybersecurity Best Practices

Read more : https://www.hostingbyalitech.com/blog

Alitech Blog

Posted in Uncategorized on Jul 19, 2024



[SOLVED / FIXED] Python Django - TypeError: can't multiply sequence by non-int of type 'float'

Posted in Technical Solutions on Apr 02, 2022

[SOLVED / FIXED] Python Django - TypeError: can't multiply sequence by non-int of type 'float' Error: Language : Python Django TypeError: can't multiply sequence by non-int of type 'float'<strong>SOLUTION / FIX



Japan Airlines Delays Flights After Cyberattack

Posted in News on Dec 26, 2024

On December 26, 2024, Japan Airlines fell victim to a cyberattack that caused significant disruptions to its operations. The attack, which targeted network equipment, led to delays in domestic and international flights, affecting thousands of passengers. Despite the challenges, JAL swiftly acted to identify and contain the attack, preventing major cancellations. The incident highlights the growing threat of cyberattacks on critical infrastructure and the importance of robust cybersecurity measures to prevent future disruptions.



Install Django on CyberPanel and Openlitespeed with WSGI

Posted in Technical Solutions on Feb 02, 2021

Install Django on CyberPanel and Openlitespeed with WSGI These links were of help but I had to struggle alot to reach to success which changes have been included in these guides:



Green Web Hosting: Eco-Friendly Solutions for a Sustainable Future

Posted in Uncategorized on Jul 22, 2024

Discover the benefits of green web hosting and how it can contribute to a more sustainable future. Green web hosting focuses on using energy-efficient technologies, renewable energy sources, and sustainable practices to minimize environmental impact. Learn why choosing an eco-friendly web host not only supports corporate social responsibility but also helps in reducing your carbon footprint. Explore how to select the right green web hosting provider and make a positive difference with your online presence.



CES 2025: Samsung’s AI Robot Ballie Ready to Roll in 2025

Posted in News on Jan 07, 2025

Samsung’s AI-powered robot Ballie, a bright yellow rolling companion, is set to transform smart home technology in 2025. First introduced as a concept in 2020, Ballie combines cutting-edge AI personalization, advanced sensors, and seamless integration with smart home systems. Equipped with a built-in projector and Vision AI, it tailors its functions to suit individual lifestyles. From entertaining with movies and games to controlling devices through voice commands, Ballie acts as a versatile and interactive home assistant. Its official release marks a significant milestone in AI-driven living, offering a glimpse into the future of smarter, more connected homes.



AI Wins Another Nobel: DeepMind’s Hassabis and Jumper Awarded for AlphaFold Breakthrough in Chemistry

Posted on Oct 10, 2024

The 2024 Nobel Prize in Chemistry marked a groundbreaking moment, as artificial intelligence once again took center stage. This time, the honor went to Demis Hassabis, co-founder of Google DeepMind, and John Jumper, Senior Research Scientist at the same institution, for their revolutionary AI system, AlphaFold. Alongside them was David Baker from the University of Washington, whose work in protein design complemented the AI-driven breakthroughs. This prestigious award recognized their joint contributions to predicting and developing new proteins, a breakthrough that is already changing the world of biology and chemistry.



Google’s $2.7 Billion Move to Rehire AI Genius: Noam Shazeer's Return to the Search Giant

Posted in News on Sep 26, 2024

In the rapidly evolving landscape of Artificial Intelligence, Noam Shazeer's return to Google in a staggering $2.7 billion deal marks a significant turning point. Once a key player at Google, Shazeer left in frustration over the company's cautious approach to AI innovation. He co-founded Character.AI, which achieved remarkable success in creating conversational agents. However, as competition in AI intensified, Google recognized the value of Shazeer's expertise and technology, leading to a strategic acquisition aimed at revitalizing its AI capabilities. His role in developing Gemini, Google’s next-gen AI model, could redefine the company's position in the fiercely competitive AI market.



AliTech snippet featured on Google ☺️

Posted in News on Sep 06, 2020

AliTech snippet featured on Google ☺️



The Future of AI and Cloud Computing: A Global Perspective

Posted on Oct 03, 2024

Cloud computing and artificial intelligence (AI) are transforming the technological landscape at an unprecedented pace. These two forces have become vital for businesses aiming to scale, innovate, and stay competitive in a digital-first world. As major corporations like Microsoft, Google, and Oracle make significant investments in cloud infrastructure and AI capabilities, it's clear that these technologies will shape the future of industries worldwide. In this article, we'll dive deep into the latest developments in AI and cloud computing, with a focus on global investments, emerging technologies, and the impact on businesses across different regions.



US Election Results 2024: LIVE Updates on Trump's Lead in Key States

Posted in News on Nov 06, 2024

The 2024 US presidential election is becoming one of the most closely watched races in history. With former President Donald Trump facing Vice President Kamala Harris, early results indicate a tight race, especially in key battleground states. As the night unfolds, Trump leads in traditionally Republican states, but the outcome remains uncertain, with Nevada, North Carolina, and Georgia all still too close to call. Voters are anxiously awaiting final results, and Pennsylvania's outcome could very well determine the next president. Stay tuned for live updates on the election results and key developments.



Tips for Changing Python Django Superuser Password

Posted in Technical Solutions on Jun 07, 2024

Tips for Changing Python Django Superuser Password



[SOLVED / FIXED] Django error 400 bad request

Posted in Technical Solutions on Jul 04, 2021

[SOLEVED] Django error 400 bad request



Unbelievable Weight Loss: World's Heaviest Man Khalid Shaari Sheds 542 kg, Now Unrecognizable at 63 kg

Posted in Uncategorized on Aug 15, 2024

Khalid bin Mohsen Shaari’s weight loss journey is nothing short of extraordinary. Once the world’s heaviest man at 610 kilograms, Shaari has undergone a staggering transformation, shedding 542 kilograms to reach a weight of just 63 kilograms. His remarkable story of recovery, supported by a dedicated team of medical professionals and the intervention of Saudi Arabia’s former King Abdullah, showcases the power of modern medicine and unwavering perseverance. Shaari’s transformation not only highlights the dramatic impact of medical innovation but also serves as an inspiring example of overcoming extreme adversity.



WordPress Hosting & Management

Posted on Nov 04, 2024

Choosing the right WordPress hosting service is one of the most critical decisions you’ll make when building a website. The hosting provider you select can impact your site’s speed, security, and reliability. With so many options available, understanding the different types of WordPress hosting can help you make an informed choice. This guide will delve into the various aspects of WordPress hosting and management, providing insights that can empower you to create a successful online presence.



Comprehensive Guide to Choosing the Right Domain and Hosting Services for Startups

Posted in Uncategorized on Jul 01, 2024

In today’s digital landscape, choosing the right domain name and hosting services is crucial for startups aiming to establish a strong online presence. This comprehensive guide explores the importance of domain selection, optimal hosting solutions, and popular CMS platforms like WordPress, WooCommerce, Joomla, and more. Whether you're deploying NodeJS, Django, Ruby on Rails, React, or other frameworks, understanding these elements is essential for scalable growth and seamless user experiences.



Google Imagen 3 is Now Available for All Gemini Users

Posted in News on Oct 11, 2024

Google has once again pushed the boundaries of artificial intelligence with the release of Imagen 3, its most advanced image generation model to date. This powerful tool, now available to all users of Gemini, promises to revolutionize how we interact with AI-generated imagery by offering unmatched photorealism, vibrant colors, and enhanced control over prompts. But what exactly makes Imagen 3 stand out? Let's dive into all the exciting details of this cutting-edge technology



UAE to grant citizenship to expat investors and professionals

Posted in News on Jan 30, 2021

UAE to grant citizenship to expat investors and professionals including engineers, doctors, artists "The UAE cabinet, local Emiri courts & executive councils will nominate those eligible for the citizenship under clear criteria set for each category. The law allows receivers of the UAE passport to keep their existing citizenship."



Start Saving Now

Posted in Hosting Promotions on Jan 29, 2021

Now you host your website at very low cost and save big. HostingbyAliTech is offering you litespeed web hosting at $0.45 per month. Whats a Big deal? Get web hosting services now and save your money.




Other Blogs


Japan Airlines Delays Flights After Cyberattack

Posted in News on Dec 26, 2024 and updated on Dec 26, 2024

Install Django on CyberPanel and Openlitespeed with WSGI

Posted in Technical Solutions on Feb 02, 2021 and updated on Aug 26, 2022

Green Web Hosting: Eco-Friendly Solutions for a Sustainable Future

Posted in Uncategorized on Jul 22, 2024 and updated on Jul 22, 2024

CES 2025: Samsung’s AI Robot Ballie Ready to Roll in 2025

Posted in News on Jan 07, 2025 and updated on Jan 07, 2025

AliTech snippet featured on Google ☺️

Posted in News on Sep 06, 2020 and updated on Oct 23, 2020

The Future of AI and Cloud Computing: A Global Perspective

Posted on Oct 03, 2024 and updated on Oct 03, 2024

US Election Results 2024: LIVE Updates on Trump's Lead in Key States

Posted in News on Nov 06, 2024 and updated on Nov 06, 2024

Tips for Changing Python Django Superuser Password

Posted in Technical Solutions on Jun 07, 2024 and updated on Jun 07, 2024

[SOLVED / FIXED] Django error 400 bad request

Posted in Technical Solutions on Jul 04, 2021 and updated on Jul 28, 2021

WordPress Hosting & Management

Posted on Nov 04, 2024 and updated on Nov 04, 2024

Google Imagen 3 is Now Available for All Gemini Users

Posted in News on Oct 11, 2024 and updated on Oct 11, 2024

UAE to grant citizenship to expat investors and professionals

Posted in News on Jan 30, 2021 and updated on Mar 30, 2022

Start Saving Now

Posted in Hosting Promotions on Jan 29, 2021 and updated on Jan 30, 2021

WordPress Hosting & Management

Posted on Nov 04, 2024

Start Saving Now

Posted in Hosting Promotions on Jan 29, 2021

WordPress Hosting & Management

Posted on Nov 04, 2024

Start Saving Now

Posted in Hosting Promotions on Jan 29, 2021







Comments

Please sign in to comment!






Subscribe To Our Newsletter

Stay in touch with us to get latest news and discount coupons