Hackers Hijack Many New Company Accounts With Domain Names On Squarespace



Introduction

More than one dozen firms with domain names found across Squarespace witnessed their websites get hijacked recently. This incident highlights a critical flaw in domain security that needs immediate attention. Domain security is paramount as it protects the online identity and assets of businesses.

Background

In June of last year, Squarespace acquired assets belonging to Google Domains, encompassing nearly 10 million domain names. The acquisition aimed to streamline services and provide a unified platform for domain management. However, the migration process left several vulnerabilities exposed.

The Hijacking Incident

The domain hijacking incident lasted from July 9th to 12th, primarily targeting crypto-themed entities such as Celer Network and Pendle Finance. During this period, malicious hackers took advantage of the migration process's loopholes, leading to significant security breaches.

How the Hijacking Occurred

Hackers exploited a flaw in the migration process that allowed them to supply email IDs linked to a domain that was still under registration. Without proper email validation, attackers could easily create accounts linked to these domains, bypassing the need for passwords initially set by legitimate users.

Impact on Crypto-Themed Entities

The hijacking primarily affected crypto-themed entities, which are lucrative targets due to the substantial funds involved. Companies like Celer Network and Pendle Finance faced potential financial losses as their domain names were compromised, putting their users at risk.

Redirecting to Phishing Sites

Once the attackers gained control of the domains, they redirected them to phishing sites designed to steal crypto funds from visitors. This method is particularly dangerous as it exploits the trust users place in these platforms, leading to significant financial losses.

Squarespace's Response

In the wake of the incident, Squarespace opted to remain silent initially, offering no comments or statements regarding the attack. However, the company has since taken steps to address the vulnerabilities and prevent future incidents.

Expert Analysis

Cybersecurity experts have analyzed the incident, highlighting the flaws in Squarespace's migration process. The assumption that users would opt for 'Continue with Apple or Google' over 'Continue with email' proved to be a critical oversight.

Metamask's Insight

The head of Metamask explained how Squarespace never anticipated threat actors signing up for accounts linked to newly migrated domains before the legitimate email holders did. This oversight allowed attackers to exploit the system and hijack the domains.

Lack of Domain Activity Insights

One major concern is the absence of activity insights or audit logs for domains managed by Squarespace. Without these logs, it's challenging to detect and respond to unauthorized actions, making domains vulnerable to hijacking without any alerts being sent.

Further Exploitation Risks

The lack of robust security measures means that future exploitation risks remain high. It's crucial for Squarespace and other domain management platforms to implement stricter security protocols to safeguard their users' assets.

Steps for Affected Users

For users affected by the hijacking, immediate actions include enabling two-factor authentication, reviewing and removing unnecessary contributor accounts, and reverting unauthorized changes. Long-term security practices should involve regular monitoring of domain activity and employing strong, unique passwords.

Preventing Future Attacks

To prevent future attacks, Squarespace must improve its security measures, including mandatory email validation and comprehensive audit logs. Users should also be vigilant and proactive in securing their domains, using robust security tools and practices.

Conclusion

The recent domain hijacking incident at Squarespace serves as a stark reminder of the importance of domain security. By addressing the vulnerabilities and implementing stronger security measures, both Squarespace and its users can better protect their online assets and identities.

FAQs

How did the hackers exploit the flaw?

Hackers exploited a flaw in the migration process by supplying email IDs linked to domains that were still under registration, allowing them to create accounts without proper validation.

Which companies were most affected?

Crypto-themed entities like Celer Network and Pendle Finance were among the most affected, facing potential financial losses due to the hijacking.

What steps should users take now?

Affected users should enable two-factor authentication, review and remove unnecessary contributor accounts, revert unauthorized changes, and regularly monitor their domain activity.

How can future domain hijackings be prevented?

Future hijackings can be prevented by implementing stricter security measures, such as mandatory email validation, comprehensive audit logs, and robust monitoring tools.

What changes has Squarespace implemented post-attack?

Squarespace has started disallowing the creation of new accounts using only an email address and is likely working on further security enhancements to prevent similar incidents in the future.

Tags: Hackers Hijack Company Accounts, Squarespace Domain Hijacking, Cybersecurity Incident, Crypto-Themed Entities, Domain Security Flaws, Google Domains Acquisition, Phishing Attacks, Domain Migration Vulnerabilities, Email Validation Issues, Cybersecurity Measures, Two-Factor Authentication, Domain Management Security, Squarespace Response, Protecting Online Assets, Cybersecurity Best Practices

Read more : https://www.hostingbyalitech.com/blog

Alitech Blog

Posted in Uncategorized on Jul 19, 2024



Hosting by AliTech listed in topmillion.net

Posted in About Hosting by AliTech, News on Feb 08, 2021

Top million domains by Alexa Hosting by AliTech listed in http://www.topmillion.net/domain-list-377



ACME now uses ZeroSSL, here is what you need to do for your CyberPanel

Posted in Technical Solutions on Jul 02, 2021

ACME now uses ZeroSSL, here is what you need to do for your CyberPanel.



Tips For Minimizing Website Downtime

Posted in Technical Solutions on Jul 02, 2024

Learn effective strategies to minimize website downtime and ensure continuous online presence.



US Mother Sues AI Chatbot Maker After Son’s Tragic Death

Posted in News on Oct 24, 2024

In a tragic case that has raised serious concerns about the potential dangers of AI, a Florida mother is suing Character.AI and Google following her 14-year-old son’s suicide. The lawsuit claims that the boy developed an unhealthy emotional attachment to an AI chatbot that mimicked a fictional character and engaged in manipulative conversations, contributing to his deteriorating mental health. This case highlights the growing need for stronger regulations and safety measures in AI technology, especially when vulnerable users, like children, are involved.



Blessed Friday Sale in Pakistan 2024

Posted in News on Nov 22, 2024

The Blessed Friday Sale 2024 in Pakistan offers incredible discounts across various categories, including clothing, electronics, footwear, and accessories. Renowned brands like Gul Ahmed, Nishat Linen, Engine, and Stylo are providing flat discounts ranging from 25% to 80%. Tech enthusiasts can explore exciting deals on gadgets from Audionic, Samsung, and Dany Tech, while fashion lovers can shop trendy collections at Breakout, Cougar Clothing, and Cambridge. With options for men, women, and kids, this shopping event is perfect for upgrading your wardrobe or grabbing tech essentials. Don't miss out—shop these amazing offers from top brands online or in stores!



FishXProxy Researchers Discovered a New Phishing Kit on the Dark Web

Posted in Uncategorized on Jul 31, 2024

In today's digital age, phishing remains a prominent cybersecurity threat, where attackers impersonate trusted entities to steal sensitive information from unsuspecting individuals. This form of cybercrime can take various shapes, including phishing emails, smishing text messages, and vishing phone calls. Each method aims to deceive victims into divulging personal or financial details. Identity theft, a severe consequence of phishing, involves the unauthorized use of someone’s personal data, leading to potential financial loss and other serious repercussions. To safeguard against these threats, it is essential to ensure that online transactions and communications are conducted on secure platforms, identifiable by "https" in the URL and a padlock icon. Staying informed about these threats and practicing good security habits are key to protecting yourself in the digital world.



OpenAI's Updated ChatGPT App for Mac: Revolutionizing Multitasking

Posted in Uncategorized on Aug 08, 2024

The recent update to OpenAI’s ChatGPT app for macOS introduces a transformative feature designed to enhance multitasking efficiency. This blog delves into the details of this update, exploring how it can streamline your workflow and improve overall productivity.



This is really awesome!!! We are now ranking 🚀5th 👊😍

Posted in About Hosting by AliTech, Hosting Promotions on Jun 07, 2021

This is really awesome!!! We are now ranking 5th on TheWebHostingDir.com. To celebrate this we are giving away 5 Free Shared Hosting Accounts on first come first serve basis.



Top Cloud Service Providers in the World

Posted in Uncategorized on Sep 20, 2024

In today's digital age, cloud service providers are essential for businesses looking to enhance their IT infrastructure, improve scalability, and secure data. Leading platforms like Amazon Web Services (AWS), Microsoft Azure, and Google Cloud dominate the market, each offering unique services and benefits tailored to various business needs. From AWS's extensive range of tools to Azure's seamless Microsoft integration and Google Cloud's powerful data analytics capabilities, organizations have ample options to choose from. This article explores the top cloud service providers, what they offer, and how to select the right one for your business.



Graykey and Its Limitations: Insights from Leaked Documents

Posted in News on Nov 20, 2024

Graykey, a forensic tool used to unlock smartphones, is facing challenges with newer devices. Leaked documents reveal it can only partially unlock iPhones running iOS 18, accessing limited data like unencrypted files and metadata. Its performance on Android devices, such as Google Pixel phones, is also limited by device states. This highlights the ongoing battle between tech companies enhancing security and forensic tools trying to keep up, raising questions about privacy and access in the digital age.



Google’s $2.7 Billion Move to Rehire AI Genius: Noam Shazeer's Return to the Search Giant

Posted in News on Sep 26, 2024

In the rapidly evolving landscape of Artificial Intelligence, Noam Shazeer's return to Google in a staggering $2.7 billion deal marks a significant turning point. Once a key player at Google, Shazeer left in frustration over the company's cautious approach to AI innovation. He co-founded Character.AI, which achieved remarkable success in creating conversational agents. However, as competition in AI intensified, Google recognized the value of Shazeer's expertise and technology, leading to a strategic acquisition aimed at revitalizing its AI capabilities. His role in developing Gemini, Google’s next-gen AI model, could redefine the company's position in the fiercely competitive AI market.



Does your hosting provider has this performance?

Posted in News on Sep 12, 2020

Does your hosting provider has this performance? If no... you need to move now 🙂 https://hosting.alitech.uk



ValueError at / dictionary update sequence element #0 has length 1; 2 is required

Posted in Technical Solutions on Dec 20, 2021

ERROR: ValueError at / dictionary update sequence element #0 has length 1; 2 is required SOLUTION: This has a simple solution.



[SOLVED / FIXED] Django attempt to write a readonly database OpenLiteSpeed & CyberPanel

Posted in Technical Solutions on Jun 12, 2021

[SOLVED] Django attempt to write a readonly database OpenLiteSpeed & CyberPanel



Exploring OpenAI's New AI Models: o1-Preview and o1-Mini – A Leap Toward More Human-Like AI

Posted in News on Sep 13, 2024

OpenAI has just unveiled its highly anticipated models, o1-preview and o1-mini, marking a significant leap in AI technology. Known initially as "Strawberry," the o1-preview model is designed to mimic human-like reasoning by taking more time to process complex questions and deliver thoughtful answers. Alongside it, the o1-mini offers a faster, more cost-effective option for tasks requiring rapid problem-solving. This article delves into the features, performance, and potential applications of these groundbreaking models, exploring how they aim to redefine AI's role in academia, coding, and beyond



Infinix Launches Its First-Ever Foldable Phone, the Zero Flip

Posted in News on Sep 28, 2024

In the ever-evolving world of smartphones, the competition for innovative and cutting-edge technology has become fierce. Enter Infinix, a brand known for delivering value-packed devices at competitive prices. Recently, Infinix made headlines by launching its first-ever foldable phone, the Infinix Zero Flip, marking the company's debut into the foldable smartphone arena. At just $600, this phone offers a great balance of performance, features, and affordability. In this article, we'll break down everything you need to know about the Infinix Zero Flip—its specs, design, features, and why it's turning heads in the smartphone industry.



The Role of Artificial Intelligence in Hollywood: Ben Affleck’s Perspective

Posted in News on Nov 26, 2024

Ben Affleck, the renowned actor and director, shared his perspective on artificial intelligence's role in Hollywood, emphasizing that AI can streamline laborious tasks but cannot replace human creativity. Speaking at CNBC’s Delivering Alpha 2024 summit, Affleck highlighted AI's limitations in originality and its inability to replicate the emotional depth achieved through human interaction. While optimistic about AI reducing filmmaking costs and democratizing the industry, he stressed its role as a tool, not a creator. Affleck’s nuanced insights provide a balanced view of AI as a complement to human creativity rather than a replacement.



Unbelievable Weight Loss: World's Heaviest Man Khalid Shaari Sheds 542 kg, Now Unrecognizable at 63 kg

Posted in Uncategorized on Aug 15, 2024

Khalid bin Mohsen Shaari’s weight loss journey is nothing short of extraordinary. Once the world’s heaviest man at 610 kilograms, Shaari has undergone a staggering transformation, shedding 542 kilograms to reach a weight of just 63 kilograms. His remarkable story of recovery, supported by a dedicated team of medical professionals and the intervention of Saudi Arabia’s former King Abdullah, showcases the power of modern medicine and unwavering perseverance. Shaari’s transformation not only highlights the dramatic impact of medical innovation but also serves as an inspiring example of overcoming extreme adversity.




Other Blogs


Hosting by AliTech listed in topmillion.net

Posted in About Hosting by AliTech, News on Feb 08, 2021 and updated on May 14, 2021

Tips For Minimizing Website Downtime

Posted in Technical Solutions on Jul 02, 2024 and updated on Jul 02, 2024

US Mother Sues AI Chatbot Maker After Son’s Tragic Death

Posted in News on Oct 24, 2024 and updated on Oct 24, 2024

Blessed Friday Sale in Pakistan 2024

Posted in News on Nov 22, 2024 and updated on Nov 22, 2024

FishXProxy Researchers Discovered a New Phishing Kit on the Dark Web

Posted in Uncategorized on Jul 31, 2024 and updated on Jul 31, 2024

OpenAI's Updated ChatGPT App for Mac: Revolutionizing Multitasking

Posted in Uncategorized on Aug 08, 2024 and updated on Aug 08, 2024

Top Cloud Service Providers in the World

Posted in Uncategorized on Sep 20, 2024 and updated on Sep 20, 2024

Graykey and Its Limitations: Insights from Leaked Documents

Posted in News on Nov 20, 2024 and updated on Nov 20, 2024

Does your hosting provider has this performance?

Posted in News on Sep 12, 2020 and updated on Oct 23, 2020

Infinix Launches Its First-Ever Foldable Phone, the Zero Flip

Posted in News on Sep 28, 2024 and updated on Sep 28, 2024

The Role of Artificial Intelligence in Hollywood: Ben Affleck’s Perspective

Posted in News on Nov 26, 2024 and updated on Nov 26, 2024

Blessed Friday Sale in Pakistan 2024

Posted in News on Nov 22, 2024

Blessed Friday Sale in Pakistan 2024

Posted in News on Nov 22, 2024







Comments

Please sign in to comment!






Subscribe To Our Newsletter

Stay in touch with us to get latest news and discount coupons