Hackers Hijack Many New Company Accounts With Domain Names On Squarespace



Introduction

More than one dozen firms with domain names found across Squarespace witnessed their websites get hijacked recently. This incident highlights a critical flaw in domain security that needs immediate attention. Domain security is paramount as it protects the online identity and assets of businesses.

Background

In June of last year, Squarespace acquired assets belonging to Google Domains, encompassing nearly 10 million domain names. The acquisition aimed to streamline services and provide a unified platform for domain management. However, the migration process left several vulnerabilities exposed.

The Hijacking Incident

The domain hijacking incident lasted from July 9th to 12th, primarily targeting crypto-themed entities such as Celer Network and Pendle Finance. During this period, malicious hackers took advantage of the migration process's loopholes, leading to significant security breaches.

How the Hijacking Occurred

Hackers exploited a flaw in the migration process that allowed them to supply email IDs linked to a domain that was still under registration. Without proper email validation, attackers could easily create accounts linked to these domains, bypassing the need for passwords initially set by legitimate users.

Impact on Crypto-Themed Entities

The hijacking primarily affected crypto-themed entities, which are lucrative targets due to the substantial funds involved. Companies like Celer Network and Pendle Finance faced potential financial losses as their domain names were compromised, putting their users at risk.

Redirecting to Phishing Sites

Once the attackers gained control of the domains, they redirected them to phishing sites designed to steal crypto funds from visitors. This method is particularly dangerous as it exploits the trust users place in these platforms, leading to significant financial losses.

Squarespace's Response

In the wake of the incident, Squarespace opted to remain silent initially, offering no comments or statements regarding the attack. However, the company has since taken steps to address the vulnerabilities and prevent future incidents.

Expert Analysis

Cybersecurity experts have analyzed the incident, highlighting the flaws in Squarespace's migration process. The assumption that users would opt for 'Continue with Apple or Google' over 'Continue with email' proved to be a critical oversight.

Metamask's Insight

The head of Metamask explained how Squarespace never anticipated threat actors signing up for accounts linked to newly migrated domains before the legitimate email holders did. This oversight allowed attackers to exploit the system and hijack the domains.

Lack of Domain Activity Insights

One major concern is the absence of activity insights or audit logs for domains managed by Squarespace. Without these logs, it's challenging to detect and respond to unauthorized actions, making domains vulnerable to hijacking without any alerts being sent.

Further Exploitation Risks

The lack of robust security measures means that future exploitation risks remain high. It's crucial for Squarespace and other domain management platforms to implement stricter security protocols to safeguard their users' assets.

Steps for Affected Users

For users affected by the hijacking, immediate actions include enabling two-factor authentication, reviewing and removing unnecessary contributor accounts, and reverting unauthorized changes. Long-term security practices should involve regular monitoring of domain activity and employing strong, unique passwords.

Preventing Future Attacks

To prevent future attacks, Squarespace must improve its security measures, including mandatory email validation and comprehensive audit logs. Users should also be vigilant and proactive in securing their domains, using robust security tools and practices.

Conclusion

The recent domain hijacking incident at Squarespace serves as a stark reminder of the importance of domain security. By addressing the vulnerabilities and implementing stronger security measures, both Squarespace and its users can better protect their online assets and identities.

FAQs

How did the hackers exploit the flaw?

Hackers exploited a flaw in the migration process by supplying email IDs linked to domains that were still under registration, allowing them to create accounts without proper validation.

Which companies were most affected?

Crypto-themed entities like Celer Network and Pendle Finance were among the most affected, facing potential financial losses due to the hijacking.

What steps should users take now?

Affected users should enable two-factor authentication, review and remove unnecessary contributor accounts, revert unauthorized changes, and regularly monitor their domain activity.

How can future domain hijackings be prevented?

Future hijackings can be prevented by implementing stricter security measures, such as mandatory email validation, comprehensive audit logs, and robust monitoring tools.

What changes has Squarespace implemented post-attack?

Squarespace has started disallowing the creation of new accounts using only an email address and is likely working on further security enhancements to prevent similar incidents in the future.

Tags: Hackers Hijack Company Accounts, Squarespace Domain Hijacking, Cybersecurity Incident, Crypto-Themed Entities, Domain Security Flaws, Google Domains Acquisition, Phishing Attacks, Domain Migration Vulnerabilities, Email Validation Issues, Cybersecurity Measures, Two-Factor Authentication, Domain Management Security, Squarespace Response, Protecting Online Assets, Cybersecurity Best Practices

Read more : https://www.hostingbyalitech.com/blog

Alitech Blog

Posted in Uncategorized on Jul 19, 2024



Unbeatable Prices and Performance: HostingbyAliTech's Cloud Hosting

Posted in Hosting Promotions on Jun 07, 2024

HostingbyAliTech offers low-cost cloud web hosting with optimized performance using CyberPanel and LiteSpeed, making it the top choice for quality and speed-conscious clients since 2020.



OpenAI Bought the Web Domain Chat.com: Did OpenAI Just Spend More Than $10 Million on a URL?

Posted in News on Nov 07, 2024

OpenAI recently acquired Chat.com, which now redirects to ChatGPT, enhancing its brand visibility and accessibility. Previously owned by Dharmesh Shah, who bought it for $15.5 million, the domain likely sold to OpenAI for an even higher price. This strategic purchase underscores OpenAI’s commitment to making AI tools more accessible and reflects the growing importance of conversational AI in modern technology.



Apple Is Developing a Doorbell That Unlocks With Your Face, Report Says

Posted in News on Dec 24, 2024

Apple is reportedly developing a revolutionary smart doorbell with Face ID, allowing it to unlock your door by recognizing your face. This innovative device is expected to integrate seamlessly with Apple's growing smart home ecosystem, including upcoming security cameras and a new smart home hub. With a potential release date in late 2025, Apple aims to challenge Amazon and Google in the smart home market by prioritizing privacy and user experience.



Exploring OpenAI's New AI Models: o1-Preview and o1-Mini – A Leap Toward More Human-Like AI

Posted in News on Sep 13, 2024

OpenAI has just unveiled its highly anticipated models, o1-preview and o1-mini, marking a significant leap in AI technology. Known initially as "Strawberry," the o1-preview model is designed to mimic human-like reasoning by taking more time to process complex questions and deliver thoughtful answers. Alongside it, the o1-mini offers a faster, more cost-effective option for tasks requiring rapid problem-solving. This article delves into the features, performance, and potential applications of these groundbreaking models, exploring how they aim to redefine AI's role in academia, coding, and beyond



Microsoft Disappoints With Slower Cloud Revenue Forecast

Posted in News on Oct 31, 2024

Microsoft, a giant in the tech industry, recently posted quarterly earnings that exceeded market expectations, but its cloud revenue growth left investors less than impressed. The announcement highlighted a forecast for slower growth in Azure, Microsoft’s cloud computing platform, sparking concerns about the company’s ability to keep up with surging demand for AI services. This shift has implications not just for Microsoft’s revenue trajectory but also for its position in the competitive tech landscape. Here’s a closer look at what’s behind this surprising turn of events



4 tips to enable Nested Virtualization like a PRO

Posted in Technical Solutions on Oct 17, 2021

Nested virtualization is used to enable, use or create virtual machines within virtual machines, consider Virtualbox is running CentOS virtual machine



Is Microsoft Using Your Word Documents to Train AI?

Posted in News on Nov 27, 2024

Microsoft is facing allegations of using Word and Excel user data to train its AI models through a default-enabled feature called "Connected Experiences." While the company denies these claims, citing privacy safeguards, critics argue that the convoluted opt-out process and vague terms of service raise ethical concerns. This controversy highlights the tension between advancing AI technology and protecting user privacy, urging companies to adopt clearer policies and transparent communication.



Can Renewable Energy Really Fix the Global Energy Crisis?

Posted in News on Jan 10, 2025

Renewable energy offers a transformative potential to address the global energy crisis by leveraging sustainable resources like solar, wind, and hydropower. While advancements in technology and infrastructure have made clean energy more accessible and affordable, challenges such as intermittency, high initial costs, and outdated grids remain. Innovations like battery energy storage, decentralized grids, and agrivoltaics are helping to overcome these hurdles, paving the way for a greener, more reliable energy future. However, a comprehensive approach combining renewable energy, policy support, and technological breakthroughs is essential to create a sustainable and resilient global energy system.



Google’s New Verified Checkmarks in Search: A Game-Changer for User Trust

Posted in News on Oct 08, 2024

As we navigate the digital age, online trust has become increasingly important. Google is now experimenting with a feature that aims to strengthen this trust: verified checkmarks in search results. These blue ticks could soon help users easily identify which businesses are legitimate and trustworthy. But what does this mean for the average internet user? Let’s dive deeper into this new feature and explore its implications.



NASA Offers $3 Million Prize to Help Solve a Huge Problem in Moon Missions

Posted in News on Oct 18, 2024

NASA is gearing up for long-term missions on the Moon, but a significant challenge has surfaced—how to handle the waste produced in space. To address this, NASA is offering up to $3 million to those who can help solve this growing problem. The LunaRecycle Challenge aims to develop innovative waste management solutions that can reduce solid waste and enhance the sustainability of lunar missions.



Everything You Need to Know About Meta Connect 2024

Posted in News on Sep 23, 2024

Meta Connect 2024, happening from September 25 to 26, promises to be a groundbreaking event in the world of augmented and virtual reality. Attendees can expect exciting announcements, including the anticipated Quest 3S headset, which aims to offer a more affordable VR experience, and the innovative Orion AR glasses designed for seamless augmented reality interactions. In addition to hardware, the conference will highlight advancements in artificial intelligence, potentially unveiling an upgraded version of the Llama language model to enhance user experiences across Meta’s platforms. With live-streamed keynotes and developer sessions, Meta Connect 2024 is set to shape the future of technology and the metaverse, making it a must-watch event for enthusiasts and developers alike.



Alibaba Expects AI to Drive More Than Half of Its Cloud Segment Growth

Posted in Uncategorized on Aug 19, 2024

In this article, we explore how Alibaba's investment in AI is driving significant growth in its cloud segment. With a focus on GPU-based AI product development, Alibaba aims to regain its position in the competitive global cloud market. Discover the strategies and challenges the company faces as it navigates the future of cloud computing



Start Saving Now

Posted in Hosting Promotions on Jan 29, 2021

Now you host your website at very low cost and save big. HostingbyAliTech is offering you litespeed web hosting at $0.45 per month. Whats a Big deal? Get web hosting services now and save your money.



[SOLVED/FIXED] Python Django - crbug non-JS module files deprecated.

Posted in Technical Solutions on Feb 28, 2022

[SOLVED/FIXED] Python Django - crbug/1173575, non-JS module files deprecated. ERROR: ERR_TOO_MANY_REDIRECTS SOLUTION:



Firewall in Pakistan: Restricting Online Freedom and Access 2024

Posted in News on Aug 19, 2024

Pakistan's government is set to implement a nationwide firewall, sparking concerns about internet censorship and restrictions on online dissent. The firewall will monitor and control internet usage, targeting social media platforms and regulating VPNs. With a history of internet restrictions, this move raises questions about the future of free expression and democratic engagement in Pakistan. Key Points: Pakistan's national firewall will control access to social media platforms and monitor online activities The firewall aims to track and control internet usage, including VPNs Lack of transparency surrounding the project's scope and implications International concerns about the impact on freedom of expression and democratic principles Experts warn of potential risks to online privacy and security Read the full article to learn more about Pakistan's national firewall and its implications for internet freedom.



Comprehensive Guide to Web Hosting and Business Website Creation

Posted in Uncategorized on Jun 25, 2024

Creating a robust online presence is crucial for any business. This guide explores web hosting options, domain registration, and website creation tools. We cover reseller hosting plans, VPS hosting, Magento hosting, and the best hosting providers for small businesses. We also discuss how to create a business website for free and the best platforms for blog hosting



ACME now uses ZeroSSL, here is what you need to do for your CyberPanel

Posted in Technical Solutions on Jul 02, 2021

ACME now uses ZeroSSL, here is what you need to do for your CyberPanel.



Ubuntu 18.04.6 LTS (Bionic Beaver) / Ubuntu 20.04.3 LTS (Focal Fossa) - Common Commands

Posted in Technical Solutions on Nov 04, 2021

Ubuntu 18.04.6 LTS (Bionic Beaver) / Ubuntu 20.04.3 LTS (Focal Fossa) - Common Commands & Frequent Tasks Disabling the firewall - iptables if you need to disable the firewall temporarily, you can flush all the rules using




Other Blogs


Unbeatable Prices and Performance: HostingbyAliTech's Cloud Hosting

Posted in Hosting Promotions on Jun 07, 2024 and updated on Jun 07, 2024

Apple Is Developing a Doorbell That Unlocks With Your Face, Report Says

Posted in News on Dec 24, 2024 and updated on Dec 24, 2024

Microsoft Disappoints With Slower Cloud Revenue Forecast

Posted in News on Oct 31, 2024 and updated on Oct 31, 2024

4 tips to enable Nested Virtualization like a PRO

Posted in Technical Solutions on Oct 17, 2021 and updated on Oct 17, 2021

Is Microsoft Using Your Word Documents to Train AI?

Posted in News on Nov 27, 2024 and updated on Nov 27, 2024

Can Renewable Energy Really Fix the Global Energy Crisis?

Posted in News on Jan 10, 2025 and updated on Jan 10, 2025

Google’s New Verified Checkmarks in Search: A Game-Changer for User Trust

Posted in News on Oct 08, 2024 and updated on Oct 08, 2024

NASA Offers $3 Million Prize to Help Solve a Huge Problem in Moon Missions

Posted in News on Oct 18, 2024 and updated on Oct 18, 2024

Everything You Need to Know About Meta Connect 2024

Posted in News on Sep 23, 2024 and updated on Sep 23, 2024

Alibaba Expects AI to Drive More Than Half of Its Cloud Segment Growth

Posted in Uncategorized on Aug 19, 2024 and updated on Aug 19, 2024

Start Saving Now

Posted in Hosting Promotions on Jan 29, 2021 and updated on Jan 30, 2021

Firewall in Pakistan: Restricting Online Freedom and Access 2024

Posted in News on Aug 19, 2024 and updated on Aug 19, 2024

Comprehensive Guide to Web Hosting and Business Website Creation

Posted in Uncategorized on Jun 25, 2024 and updated on Jun 25, 2024

Start Saving Now

Posted in Hosting Promotions on Jan 29, 2021

Start Saving Now

Posted in Hosting Promotions on Jan 29, 2021







Comments

Please sign in to comment!






Subscribe To Our Newsletter

Stay in touch with us to get latest news and discount coupons