Hackers Hijack Many New Company Accounts With Domain Names On Squarespace



Introduction

More than one dozen firms with domain names found across Squarespace witnessed their websites get hijacked recently. This incident highlights a critical flaw in domain security that needs immediate attention. Domain security is paramount as it protects the online identity and assets of businesses.

Background

In June of last year, Squarespace acquired assets belonging to Google Domains, encompassing nearly 10 million domain names. The acquisition aimed to streamline services and provide a unified platform for domain management. However, the migration process left several vulnerabilities exposed.

The Hijacking Incident

The domain hijacking incident lasted from July 9th to 12th, primarily targeting crypto-themed entities such as Celer Network and Pendle Finance. During this period, malicious hackers took advantage of the migration process's loopholes, leading to significant security breaches.

How the Hijacking Occurred

Hackers exploited a flaw in the migration process that allowed them to supply email IDs linked to a domain that was still under registration. Without proper email validation, attackers could easily create accounts linked to these domains, bypassing the need for passwords initially set by legitimate users.

Impact on Crypto-Themed Entities

The hijacking primarily affected crypto-themed entities, which are lucrative targets due to the substantial funds involved. Companies like Celer Network and Pendle Finance faced potential financial losses as their domain names were compromised, putting their users at risk.

Redirecting to Phishing Sites

Once the attackers gained control of the domains, they redirected them to phishing sites designed to steal crypto funds from visitors. This method is particularly dangerous as it exploits the trust users place in these platforms, leading to significant financial losses.

Squarespace's Response

In the wake of the incident, Squarespace opted to remain silent initially, offering no comments or statements regarding the attack. However, the company has since taken steps to address the vulnerabilities and prevent future incidents.

Expert Analysis

Cybersecurity experts have analyzed the incident, highlighting the flaws in Squarespace's migration process. The assumption that users would opt for 'Continue with Apple or Google' over 'Continue with email' proved to be a critical oversight.

Metamask's Insight

The head of Metamask explained how Squarespace never anticipated threat actors signing up for accounts linked to newly migrated domains before the legitimate email holders did. This oversight allowed attackers to exploit the system and hijack the domains.

Lack of Domain Activity Insights

One major concern is the absence of activity insights or audit logs for domains managed by Squarespace. Without these logs, it's challenging to detect and respond to unauthorized actions, making domains vulnerable to hijacking without any alerts being sent.

Further Exploitation Risks

The lack of robust security measures means that future exploitation risks remain high. It's crucial for Squarespace and other domain management platforms to implement stricter security protocols to safeguard their users' assets.

Steps for Affected Users

For users affected by the hijacking, immediate actions include enabling two-factor authentication, reviewing and removing unnecessary contributor accounts, and reverting unauthorized changes. Long-term security practices should involve regular monitoring of domain activity and employing strong, unique passwords.

Preventing Future Attacks

To prevent future attacks, Squarespace must improve its security measures, including mandatory email validation and comprehensive audit logs. Users should also be vigilant and proactive in securing their domains, using robust security tools and practices.

Conclusion

The recent domain hijacking incident at Squarespace serves as a stark reminder of the importance of domain security. By addressing the vulnerabilities and implementing stronger security measures, both Squarespace and its users can better protect their online assets and identities.

FAQs

How did the hackers exploit the flaw?

Hackers exploited a flaw in the migration process by supplying email IDs linked to domains that were still under registration, allowing them to create accounts without proper validation.

Which companies were most affected?

Crypto-themed entities like Celer Network and Pendle Finance were among the most affected, facing potential financial losses due to the hijacking.

What steps should users take now?

Affected users should enable two-factor authentication, review and remove unnecessary contributor accounts, revert unauthorized changes, and regularly monitor their domain activity.

How can future domain hijackings be prevented?

Future hijackings can be prevented by implementing stricter security measures, such as mandatory email validation, comprehensive audit logs, and robust monitoring tools.

What changes has Squarespace implemented post-attack?

Squarespace has started disallowing the creation of new accounts using only an email address and is likely working on further security enhancements to prevent similar incidents in the future.

Tags: Hackers Hijack Company Accounts, Squarespace Domain Hijacking, Cybersecurity Incident, Crypto-Themed Entities, Domain Security Flaws, Google Domains Acquisition, Phishing Attacks, Domain Migration Vulnerabilities, Email Validation Issues, Cybersecurity Measures, Two-Factor Authentication, Domain Management Security, Squarespace Response, Protecting Online Assets, Cybersecurity Best Practices

Read more : https://www.hostingbyalitech.com/blog

Alitech Blog

Posted in Uncategorized on Jul 19, 2024



The Importance of Cybersecurity in the Modern World of Web Hosting and Domain Names

Posted in Uncategorized on Jul 15, 2024

In today's digital age, cybersecurity is vital for protecting web hosting and domain names from various threats such as malware, phishing attacks, and data breaches. This article explores the importance of cybersecurity, offering insights and actionable steps to safeguard your online presence.



Cloud Platform - Add Swap File on CentOS 7

Posted in Technical Solutions on Feb 28, 2021

Cloud Platform - Add Swap File on CentOS 7, I will start with adding 4GB of swapfile, to check 4GB equivalent to KB I will use below site.



The Impact of Server Location on Website Speed and SEO

Posted in Uncategorized on Jul 24, 2024

Choosing the right server location is crucial for optimizing website speed and improving SEO rankings. This article explores how server location affects load times, the benefits of using CDNs, and best practices for selecting the optimal server location to enhance both global and local website performance. Discover the impact of latency, data transfer rates, and regional targeting on your site's user experience and search engine visibility.



Apple lands most profitable quarter of 2021

Posted in News on Jan 30, 2021

Revenue up 21 percent and EPS up 35 percent to new all-time records. Apple reported its largest-ever quarter when measured by revenue with $111.4 billion in Q4 revenue. This is impressive! Apple Inc cornered nearly a quarter of the global smartphone market in the fourth quarter, making it the world’s biggest seller. I still remember the discussions of not too long ago when many pundits questioned Apple’s iPhone strategy and future potential. Well... I guess here’s the answer!



[SOLVED / FIXED] Django error 400 bad request

Posted in Technical Solutions on Jul 04, 2021

[SOLEVED] Django error 400 bad request



Fastest Growing and Declining Jobs by 2030 as AI Rises

Posted in News on Jan 09, 2025

The job market is rapidly evolving, driven by advancements in artificial intelligence (AI), green energy transitions, and changing demographics. By 2030, roles like AI specialists, software developers, and renewable energy experts are expected to thrive, while jobs in clerical work and repetitive tasks may face significant declines due to automation. This blog explores the fastest-growing and declining professions, emphasizing the importance of reskilling and adaptability to stay ahead in the future of work. Discover how industries are transforming and what skills will remain indispensable in this dynamic landscape.



Understanding Hosting and Domains: A Comprehensive Guide

Posted in Uncategorized on Jun 21, 2024

Are you looking for reliable and affordable web hosting services? Look no further than AliTech Hosting! We offer a wide range of hosting plans tailored to suit your needs, whether you're just starting your online journey or managing multiple websites. With our cloud-powered infrastructure, guaranteed lowest costs, free domains, and SSL certificates, AliTech Hosting ensures top-notch performance and security for your websites. Our shared hosting plans come with the added benefit of SSD storage, DDoS protection, and a 99.99% uptime guarantee, ensuring your websites are always up and running smoothly. Plus, our 24/7 expert support team is here to assist you every step of the way, from setup to maintenance. Looking for something more scalable? Our VPS hosting plans provide dedicated resources and full root access for maximum control and customization. With quick activation, 90 days money-back guarantee, and access to advanced features like CyberPanel cPanel, AliTech Hosting makes it easy to grow your online presence. Upgrade your plan today and experience the difference with AliTech Hosting. Join thousands of satisfied customers who trust us for their web hosting needs. Get started now and take your website to new heights!



[SOLVED / FIXED] Django attempt to write a readonly database OpenLiteSpeed & CyberPanel

Posted in Technical Solutions on Jun 12, 2021

[SOLVED] Django attempt to write a readonly database OpenLiteSpeed & CyberPanel



How to Install Remote Desktop on Ubuntu 18.04.6 / Ubuntu 20.04.4 / Raspberry Pi / AMD64 / ARM64

Posted in Technical Solutions on Jun 29, 2022

How to Install Remote Desktop on Ubuntu 18.04.6 / Ubuntu 20.04.4 / Raspberry Pi / AMD64 / ARM64



Japan Airlines Delays Flights After Cyberattack

Posted in News on Dec 26, 2024

On December 26, 2024, Japan Airlines fell victim to a cyberattack that caused significant disruptions to its operations. The attack, which targeted network equipment, led to delays in domestic and international flights, affecting thousands of passengers. Despite the challenges, JAL swiftly acted to identify and contain the attack, preventing major cancellations. The incident highlights the growing threat of cyberattacks on critical infrastructure and the importance of robust cybersecurity measures to prevent future disruptions.



AliTech Python Django Hosting: Unleash Extreme Performance for Your Web Projects

Posted in About Hosting by AliTech on Aug 21, 2024

Discover why AliTech's Python Django Hosting stands out for developers seeking extreme performance and reliability. With plans featuring SSD storage, instant provisioning, and guaranteed resources, AliTech provides the ideal environment for your Django applications. Whether you're starting with the Bronze plan or scaling up to Titanium, explore how AliTech’s hosting solutions offer unmatched speed, flexibility, and control to power your web projects.



AliTech WordPress Hosting: Unmatched Performance for Your WordPress Sites 2024

Posted in About Hosting by AliTech on Aug 22, 2024

Explore the benefits of AliTech WordPress Hosting, designed for extreme performance and reliability. With SSD storage, instant provisioning, and guaranteed resources, AliTech offers tailored hosting solutions to meet the needs of any WordPress site. Whether you're starting with the Bronze plan or scaling up to Titanium, discover how AliTech provides the power and flexibility to keep your site running smoothly and efficiently.



[SOLVED / FIXED ] snapd error: cannot communicate with server: Post http://localhost/v2/snaps/core

Posted in Technical Solutions on Apr 15, 2022

[SOLVED / FIXED ] error: cannot communicate with server: Post http://localhost/v2/snaps/core



General Motors (GM) Lays Off Over 1,000 Salaried Software, Services Employees

Posted in News on Aug 20, 2024

General Motors (GM) has announced the layoff of over 1,000 salaried employees from its software and services divisions, signaling a major shift in its strategic focus. The cuts, affecting both domestic and international positions, come as GM aims to streamline operations and prioritize high-impact projects such as enhancing its Super Cruise driver assistance system and exploring artificial intelligence. This move follows a review after the departure of former executive Mike Abbott and reflects GM's broader push towards innovation in the rapidly evolving automotive sector.



Qualcomm's Snapdragon 8 Elite: A Game Changer in Mobile Processing

Posted in News on Oct 22, 2024

Qualcomm has unveiled its Snapdragon 8 Elite chip, marking a significant advancement in mobile technology. This new chip features the custom-designed Oryon CPU, built on a 3nm process node, which provides a 45% increase in performance compared to its predecessor, the Snapdragon 8 Gen 3, while consuming 27% less power. For gamers, the Snapdragon 8 Elite promises a 40% boost in gaming performance, enabling smoother graphics and faster response times. Enhanced AI capabilities mean improved photography and smarter app interactions, making low-light shots and real-time image processing much more effective. With new smartphones from brands like Samsung and OnePlus set to launch soon, the Snapdragon 8 Elite is set to redefine the mobile experience, offering users unprecedented power and efficiency.



Metro-Goldwyn-Mayer (MGM) Inks Cloud Computing Deal With Amazon in Search for "New Revenue Opportunities"

Posted in News on Feb 09, 2021

MGM (a private company) is set to move all of its content to Amazon’s cloud and use the tech giant’s software to modernize its media supply chain. Metro Goldwyn Mayer has signed a cloud computing agreement with Amazon Web Services to move its content and distribution efforts to the tech giant’s cloud. The James Bond studio is set to move all of its content to Amazon's cloud and use the tech giant's software to modernize its media supply chain.



Graykey and Its Limitations: Insights from Leaked Documents

Posted in News on Nov 20, 2024

Graykey, a forensic tool used to unlock smartphones, is facing challenges with newer devices. Leaked documents reveal it can only partially unlock iPhones running iOS 18, accessing limited data like unencrypted files and metadata. Its performance on Android devices, such as Google Pixel phones, is also limited by device states. This highlights the ongoing battle between tech companies enhancing security and forensic tools trying to keep up, raising questions about privacy and access in the digital age.



Amazon AWS Google Cloud Microsoft Azure Vultr port 25 killed

Posted on Dec 28, 2021

Amazon AWS, Google Cloud, Microsoft Azure, Vultr port 25 If you are looking for sending e-mails through your Virtual Machine Instances you would be disappointed by reading this blog.




Other Blogs


Cloud Platform - Add Swap File on CentOS 7

Posted in Technical Solutions on Feb 28, 2021 and updated on Aug 26, 2022

The Impact of Server Location on Website Speed and SEO

Posted in Uncategorized on Jul 24, 2024 and updated on Jul 24, 2024

Apple lands most profitable quarter of 2021

Posted in News on Jan 30, 2021 and updated on Aug 26, 2022

[SOLVED / FIXED] Django error 400 bad request

Posted in Technical Solutions on Jul 04, 2021 and updated on Jul 28, 2021

Fastest Growing and Declining Jobs by 2030 as AI Rises

Posted in News on Jan 09, 2025 and updated on Jan 09, 2025

Understanding Hosting and Domains: A Comprehensive Guide

Posted in Uncategorized on Jun 21, 2024 and updated on Jun 21, 2024

Japan Airlines Delays Flights After Cyberattack

Posted in News on Dec 26, 2024 and updated on Dec 26, 2024

General Motors (GM) Lays Off Over 1,000 Salaried Software, Services Employees

Posted in News on Aug 20, 2024 and updated on Aug 20, 2024

Qualcomm's Snapdragon 8 Elite: A Game Changer in Mobile Processing

Posted in News on Oct 22, 2024 and updated on Oct 22, 2024

Graykey and Its Limitations: Insights from Leaked Documents

Posted in News on Nov 20, 2024 and updated on Nov 20, 2024

Amazon AWS Google Cloud Microsoft Azure Vultr port 25 killed

Posted on Dec 28, 2021 and updated on Jun 30, 2022







Comments

Please sign in to comment!






Subscribe To Our Newsletter

Stay in touch with us to get latest news and discount coupons