Hackers Hijack Many New Company Accounts With Domain Names On Squarespace



Introduction

More than one dozen firms with domain names found across Squarespace witnessed their websites get hijacked recently. This incident highlights a critical flaw in domain security that needs immediate attention. Domain security is paramount as it protects the online identity and assets of businesses.

Background

In June of last year, Squarespace acquired assets belonging to Google Domains, encompassing nearly 10 million domain names. The acquisition aimed to streamline services and provide a unified platform for domain management. However, the migration process left several vulnerabilities exposed.

The Hijacking Incident

The domain hijacking incident lasted from July 9th to 12th, primarily targeting crypto-themed entities such as Celer Network and Pendle Finance. During this period, malicious hackers took advantage of the migration process's loopholes, leading to significant security breaches.

How the Hijacking Occurred

Hackers exploited a flaw in the migration process that allowed them to supply email IDs linked to a domain that was still under registration. Without proper email validation, attackers could easily create accounts linked to these domains, bypassing the need for passwords initially set by legitimate users.

Impact on Crypto-Themed Entities

The hijacking primarily affected crypto-themed entities, which are lucrative targets due to the substantial funds involved. Companies like Celer Network and Pendle Finance faced potential financial losses as their domain names were compromised, putting their users at risk.

Redirecting to Phishing Sites

Once the attackers gained control of the domains, they redirected them to phishing sites designed to steal crypto funds from visitors. This method is particularly dangerous as it exploits the trust users place in these platforms, leading to significant financial losses.

Squarespace's Response

In the wake of the incident, Squarespace opted to remain silent initially, offering no comments or statements regarding the attack. However, the company has since taken steps to address the vulnerabilities and prevent future incidents.

Expert Analysis

Cybersecurity experts have analyzed the incident, highlighting the flaws in Squarespace's migration process. The assumption that users would opt for 'Continue with Apple or Google' over 'Continue with email' proved to be a critical oversight.

Metamask's Insight

The head of Metamask explained how Squarespace never anticipated threat actors signing up for accounts linked to newly migrated domains before the legitimate email holders did. This oversight allowed attackers to exploit the system and hijack the domains.

Lack of Domain Activity Insights

One major concern is the absence of activity insights or audit logs for domains managed by Squarespace. Without these logs, it's challenging to detect and respond to unauthorized actions, making domains vulnerable to hijacking without any alerts being sent.

Further Exploitation Risks

The lack of robust security measures means that future exploitation risks remain high. It's crucial for Squarespace and other domain management platforms to implement stricter security protocols to safeguard their users' assets.

Steps for Affected Users

For users affected by the hijacking, immediate actions include enabling two-factor authentication, reviewing and removing unnecessary contributor accounts, and reverting unauthorized changes. Long-term security practices should involve regular monitoring of domain activity and employing strong, unique passwords.

Preventing Future Attacks

To prevent future attacks, Squarespace must improve its security measures, including mandatory email validation and comprehensive audit logs. Users should also be vigilant and proactive in securing their domains, using robust security tools and practices.

Conclusion

The recent domain hijacking incident at Squarespace serves as a stark reminder of the importance of domain security. By addressing the vulnerabilities and implementing stronger security measures, both Squarespace and its users can better protect their online assets and identities.

FAQs

How did the hackers exploit the flaw?

Hackers exploited a flaw in the migration process by supplying email IDs linked to domains that were still under registration, allowing them to create accounts without proper validation.

Which companies were most affected?

Crypto-themed entities like Celer Network and Pendle Finance were among the most affected, facing potential financial losses due to the hijacking.

What steps should users take now?

Affected users should enable two-factor authentication, review and remove unnecessary contributor accounts, revert unauthorized changes, and regularly monitor their domain activity.

How can future domain hijackings be prevented?

Future hijackings can be prevented by implementing stricter security measures, such as mandatory email validation, comprehensive audit logs, and robust monitoring tools.

What changes has Squarespace implemented post-attack?

Squarespace has started disallowing the creation of new accounts using only an email address and is likely working on further security enhancements to prevent similar incidents in the future.

Tags: Hackers Hijack Company Accounts, Squarespace Domain Hijacking, Cybersecurity Incident, Crypto-Themed Entities, Domain Security Flaws, Google Domains Acquisition, Phishing Attacks, Domain Migration Vulnerabilities, Email Validation Issues, Cybersecurity Measures, Two-Factor Authentication, Domain Management Security, Squarespace Response, Protecting Online Assets, Cybersecurity Best Practices

Read more : https://www.hostingbyalitech.com/blog

Alitech Blog

Posted in Uncategorized on Jul 19, 2024



AI-powered Web Hosting and Its Benefits

Posted in Uncategorized on Jul 10, 2024

AI-powered web hosting leverages artificial intelligence technologies to manage, optimize, and enhance traditional web hosting experiences. It offers unparalleled benefits such as enhanced performance and speed, improved security measures, efficient resource management, and intelligent traffic analysis. This type of hosting integrates AI to predict traffic patterns, dynamically allocate resources, and ensure superior website performance. Businesses adopting AI-powered web hosting can expect faster load times, automated threat detection, and scalable solutions that cater to growing needs. As AI technology continues to evolve, the future of web hosting looks promising, offering even more sophisticated and efficient solutions.



[SOLVED / FIXED ] Mixing of GROUP columns (MIN(),MAX(),COUNT(),…) with no GROUP columns is illegal if there is no GROUP BY clause. Error in Maria DB

Posted in Technical Solutions on Feb 01, 2021

[SOLVED] Mixing of GROUP columns (MIN(),MAX(),COUNT(),…) with no GROUP columns is illegal if there is no GROUP BY clause. Error in Maria DB



Intel CEO Pat Gelsinger's Dramatic Exit: A Tech Industry Watershed Moment

Posted in News on Dec 03, 2024

Intel CEO Pat Gelsinger abruptly resigned on December 1, 2024, after a challenging three-year tenure. His departure follows the company's dramatic decline, with Intel's stock falling 61% and losing ground to AI-focused competitors like Nvidia. The company has appointed interim co-CEOs while searching for a permanent replacement, marking a critical moment in Intel's struggle to remain competitive in the rapidly evolving semiconductor industry.



Fastest Growing and Declining Jobs by 2030 as AI Rises

Posted in News on Jan 09, 2025

The job market is rapidly evolving, driven by advancements in artificial intelligence (AI), green energy transitions, and changing demographics. By 2030, roles like AI specialists, software developers, and renewable energy experts are expected to thrive, while jobs in clerical work and repetitive tasks may face significant declines due to automation. This blog explores the fastest-growing and declining professions, emphasizing the importance of reskilling and adaptability to stay ahead in the future of work. Discover how industries are transforming and what skills will remain indispensable in this dynamic landscape.



Alibaba Cloud Completes 500 Petabyte Data Migration for Xiaohongshu

Posted in News on Nov 12, 2024

Explore the story behind China’s largest data migration as Alibaba Cloud completes a record-breaking 500-petabyte data migration for Xiaohongshu, China’s popular social media and lifestyle platform. Learn why this migration was necessary, how Alibaba Cloud handled complex challenges, and the lasting impact on both companies and China’s cloud industry. This in-depth article covers the technical, strategic, and future-focused aspects of this monumental project.



[SOLVED / FIXED] LinkedIn Company Page Creation error : An error has occurred, please try again later. Learn more.

Posted on Jun 09, 2021

[FIXED] : LinkedIn Company Page Creation error : An error has occurred, please try again later. Learn more. [SOLUTION]: In order to create a Company Page in LinkedIn you will need to meet all the requirements below.



Unlocking the Power of Cloud Web Hosting: A Comprehensive Guide

Posted in Uncategorized on Jun 24, 2024

Discover the benefits of cloud web hosting and how it can transform your online presence. Learn about the features, advantages, and top providers of cloud hosting, and find out how to get started with building your own website for free



Ransomware attack forces web hosting provider Managed.com

Posted in News on Jan 25, 2021

Ransomware attack forces web hosting provider Managed.com to take servers offline.



General Motors (GM) Lays Off Over 1,000 Salaried Software, Services Employees

Posted in News on Aug 20, 2024

General Motors (GM) has announced the layoff of over 1,000 salaried employees from its software and services divisions, signaling a major shift in its strategic focus. The cuts, affecting both domestic and international positions, come as GM aims to streamline operations and prioritize high-impact projects such as enhancing its Super Cruise driver assistance system and exploring artificial intelligence. This move follows a review after the departure of former executive Mike Abbott and reflects GM's broader push towards innovation in the rapidly evolving automotive sector.



Blessed Friday Sale in Pakistan 2024

Posted in News on Nov 22, 2024

The Blessed Friday Sale 2024 in Pakistan offers incredible discounts across various categories, including clothing, electronics, footwear, and accessories. Renowned brands like Gul Ahmed, Nishat Linen, Engine, and Stylo are providing flat discounts ranging from 25% to 80%. Tech enthusiasts can explore exciting deals on gadgets from Audionic, Samsung, and Dany Tech, while fashion lovers can shop trendy collections at Breakout, Cougar Clothing, and Cambridge. With options for men, women, and kids, this shopping event is perfect for upgrading your wardrobe or grabbing tech essentials. Don't miss out—shop these amazing offers from top brands online or in stores!



New Look with the New Plans...

Posted on Jan 04, 2021

New Look with the New Plans... Buy the hosting which doesn’t only saves you money but also give you extreme performance...



Ubuntu 18.04.6 LTS (Bionic Beaver) / Ubuntu 20.04.3 LTS (Focal Fossa) - Common Commands

Posted in Technical Solutions on Nov 04, 2021

Ubuntu 18.04.6 LTS (Bionic Beaver) / Ubuntu 20.04.3 LTS (Focal Fossa) - Common Commands & Frequent Tasks Disabling the firewall - iptables if you need to disable the firewall temporarily, you can flush all the rules using



Oprah’s Upcoming AI Television Special Sparks Outrage Among Tech Critics

Posted in News on Sep 04, 2024

Oprah Winfrey's upcoming AI television special, "AI and the Future of Us," airing on September 12, 2024, has sparked significant controversy. While the show aims to educate viewers about the impact of artificial intelligence, featuring interviews with tech leaders like Sam Altman and Bill Gates, critics argue that it may serve more as a promotional platform for the AI industry than as an unbiased exploration. Concerns have been raised about the potential for bias, with some fearing the show might downplay the ethical, social, and environmental challenges posed by AI.



Firewall in Pakistan: Restricting Online Freedom and Access 2024

Posted in News on Aug 19, 2024

Pakistan's government is set to implement a nationwide firewall, sparking concerns about internet censorship and restrictions on online dissent. The firewall will monitor and control internet usage, targeting social media platforms and regulating VPNs. With a history of internet restrictions, this move raises questions about the future of free expression and democratic engagement in Pakistan. Key Points: Pakistan's national firewall will control access to social media platforms and monitor online activities The firewall aims to track and control internet usage, including VPNs Lack of transparency surrounding the project's scope and implications International concerns about the impact on freedom of expression and democratic principles Experts warn of potential risks to online privacy and security Read the full article to learn more about Pakistan's national firewall and its implications for internet freedom.



Exploring OpenAI's New AI Models: o1-Preview and o1-Mini – A Leap Toward More Human-Like AI

Posted in News on Sep 13, 2024

OpenAI has just unveiled its highly anticipated models, o1-preview and o1-mini, marking a significant leap in AI technology. Known initially as "Strawberry," the o1-preview model is designed to mimic human-like reasoning by taking more time to process complex questions and deliver thoughtful answers. Alongside it, the o1-mini offers a faster, more cost-effective option for tasks requiring rapid problem-solving. This article delves into the features, performance, and potential applications of these groundbreaking models, exploring how they aim to redefine AI's role in academia, coding, and beyond



Google Imagen 3 is Now Available for All Gemini Users

Posted in News on Oct 11, 2024

Google has once again pushed the boundaries of artificial intelligence with the release of Imagen 3, its most advanced image generation model to date. This powerful tool, now available to all users of Gemini, promises to revolutionize how we interact with AI-generated imagery by offering unmatched photorealism, vibrant colors, and enhanced control over prompts. But what exactly makes Imagen 3 stand out? Let's dive into all the exciting details of this cutting-edge technology



Mastering WooCommerce SEO: A Complete Guide to Optimize Your Online Store

Posted on Dec 05, 2024

Discover the ultimate guide to WooCommerce SEO and learn how to optimize your online store for better visibility, increased traffic, and higher sales with proven strategies and tools



The Impact of Server Location on Website Speed and SEO

Posted in Uncategorized on Jul 24, 2024

Choosing the right server location is crucial for optimizing website speed and improving SEO rankings. This article explores how server location affects load times, the benefits of using CDNs, and best practices for selecting the optimal server location to enhance both global and local website performance. Discover the impact of latency, data transfer rates, and regional targeting on your site's user experience and search engine visibility.




Other Blogs


AI-powered Web Hosting and Its Benefits

Posted in Uncategorized on Jul 10, 2024 and updated on Jul 10, 2024

Intel CEO Pat Gelsinger's Dramatic Exit: A Tech Industry Watershed Moment

Posted in News on Dec 03, 2024 and updated on Dec 03, 2024

Fastest Growing and Declining Jobs by 2030 as AI Rises

Posted in News on Jan 09, 2025 and updated on Jan 09, 2025

Alibaba Cloud Completes 500 Petabyte Data Migration for Xiaohongshu

Posted in News on Nov 12, 2024 and updated on Nov 12, 2024

Unlocking the Power of Cloud Web Hosting: A Comprehensive Guide

Posted in Uncategorized on Jun 24, 2024 and updated on Jun 24, 2024

Ransomware attack forces web hosting provider Managed.com

Posted in News on Jan 25, 2021 and updated on Mar 30, 2022

General Motors (GM) Lays Off Over 1,000 Salaried Software, Services Employees

Posted in News on Aug 20, 2024 and updated on Aug 20, 2024

Blessed Friday Sale in Pakistan 2024

Posted in News on Nov 22, 2024 and updated on Nov 22, 2024

New Look with the New Plans...

Posted on Jan 04, 2021 and updated on Aug 26, 2022

Oprah’s Upcoming AI Television Special Sparks Outrage Among Tech Critics

Posted in News on Sep 04, 2024 and updated on Sep 04, 2024

Firewall in Pakistan: Restricting Online Freedom and Access 2024

Posted in News on Aug 19, 2024 and updated on Aug 19, 2024

Google Imagen 3 is Now Available for All Gemini Users

Posted in News on Oct 11, 2024 and updated on Oct 11, 2024

Mastering WooCommerce SEO: A Complete Guide to Optimize Your Online Store

Posted on Dec 05, 2024 and updated on Dec 05, 2024

The Impact of Server Location on Website Speed and SEO

Posted in Uncategorized on Jul 24, 2024 and updated on Jul 24, 2024

Blessed Friday Sale in Pakistan 2024

Posted in News on Nov 22, 2024

New Look with the New Plans...

Posted on Jan 04, 2021

Blessed Friday Sale in Pakistan 2024

Posted in News on Nov 22, 2024

New Look with the New Plans...

Posted on Jan 04, 2021







Comments

Please sign in to comment!






Subscribe To Our Newsletter

Stay in touch with us to get latest news and discount coupons