Hackers Hijack Many New Company Accounts With Domain Names On Squarespace



Introduction

More than one dozen firms with domain names found across Squarespace witnessed their websites get hijacked recently. This incident highlights a critical flaw in domain security that needs immediate attention. Domain security is paramount as it protects the online identity and assets of businesses.

Background

In June of last year, Squarespace acquired assets belonging to Google Domains, encompassing nearly 10 million domain names. The acquisition aimed to streamline services and provide a unified platform for domain management. However, the migration process left several vulnerabilities exposed.

The Hijacking Incident

The domain hijacking incident lasted from July 9th to 12th, primarily targeting crypto-themed entities such as Celer Network and Pendle Finance. During this period, malicious hackers took advantage of the migration process's loopholes, leading to significant security breaches.

How the Hijacking Occurred

Hackers exploited a flaw in the migration process that allowed them to supply email IDs linked to a domain that was still under registration. Without proper email validation, attackers could easily create accounts linked to these domains, bypassing the need for passwords initially set by legitimate users.

Impact on Crypto-Themed Entities

The hijacking primarily affected crypto-themed entities, which are lucrative targets due to the substantial funds involved. Companies like Celer Network and Pendle Finance faced potential financial losses as their domain names were compromised, putting their users at risk.

Redirecting to Phishing Sites

Once the attackers gained control of the domains, they redirected them to phishing sites designed to steal crypto funds from visitors. This method is particularly dangerous as it exploits the trust users place in these platforms, leading to significant financial losses.

Squarespace's Response

In the wake of the incident, Squarespace opted to remain silent initially, offering no comments or statements regarding the attack. However, the company has since taken steps to address the vulnerabilities and prevent future incidents.

Expert Analysis

Cybersecurity experts have analyzed the incident, highlighting the flaws in Squarespace's migration process. The assumption that users would opt for 'Continue with Apple or Google' over 'Continue with email' proved to be a critical oversight.

Metamask's Insight

The head of Metamask explained how Squarespace never anticipated threat actors signing up for accounts linked to newly migrated domains before the legitimate email holders did. This oversight allowed attackers to exploit the system and hijack the domains.

Lack of Domain Activity Insights

One major concern is the absence of activity insights or audit logs for domains managed by Squarespace. Without these logs, it's challenging to detect and respond to unauthorized actions, making domains vulnerable to hijacking without any alerts being sent.

Further Exploitation Risks

The lack of robust security measures means that future exploitation risks remain high. It's crucial for Squarespace and other domain management platforms to implement stricter security protocols to safeguard their users' assets.

Steps for Affected Users

For users affected by the hijacking, immediate actions include enabling two-factor authentication, reviewing and removing unnecessary contributor accounts, and reverting unauthorized changes. Long-term security practices should involve regular monitoring of domain activity and employing strong, unique passwords.

Preventing Future Attacks

To prevent future attacks, Squarespace must improve its security measures, including mandatory email validation and comprehensive audit logs. Users should also be vigilant and proactive in securing their domains, using robust security tools and practices.

Conclusion

The recent domain hijacking incident at Squarespace serves as a stark reminder of the importance of domain security. By addressing the vulnerabilities and implementing stronger security measures, both Squarespace and its users can better protect their online assets and identities.

FAQs

How did the hackers exploit the flaw?

Hackers exploited a flaw in the migration process by supplying email IDs linked to domains that were still under registration, allowing them to create accounts without proper validation.

Which companies were most affected?

Crypto-themed entities like Celer Network and Pendle Finance were among the most affected, facing potential financial losses due to the hijacking.

What steps should users take now?

Affected users should enable two-factor authentication, review and remove unnecessary contributor accounts, revert unauthorized changes, and regularly monitor their domain activity.

How can future domain hijackings be prevented?

Future hijackings can be prevented by implementing stricter security measures, such as mandatory email validation, comprehensive audit logs, and robust monitoring tools.

What changes has Squarespace implemented post-attack?

Squarespace has started disallowing the creation of new accounts using only an email address and is likely working on further security enhancements to prevent similar incidents in the future.

Tags: Hackers Hijack Company Accounts, Squarespace Domain Hijacking, Cybersecurity Incident, Crypto-Themed Entities, Domain Security Flaws, Google Domains Acquisition, Phishing Attacks, Domain Migration Vulnerabilities, Email Validation Issues, Cybersecurity Measures, Two-Factor Authentication, Domain Management Security, Squarespace Response, Protecting Online Assets, Cybersecurity Best Practices

Read more : https://www.hostingbyalitech.com/blog

Alitech Blog

Posted in Uncategorized on Jul 19, 2024



Hackers Hijack Many New Company Accounts With Domain Names On Squarespace

Posted in Uncategorized on Jul 19, 2024

In July 2024, hackers exploited a vulnerability in Squarespace's domain migration process, hijacking over a dozen company accounts, primarily targeting crypto-themed entities. This article delves into the incident, the impact on affected companies, and the necessary steps to enhance domain security.



This is really awesome!!! We are now ranking 🚀5th 👊😍

Posted in About Hosting by AliTech, Hosting Promotions on Jun 07, 2021

This is really awesome!!! We are now ranking 5th on TheWebHostingDir.com. To celebrate this we are giving away 5 Free Shared Hosting Accounts on first come first serve basis.



Hackers Hijacked Chrome Extensions to Inject Malicious Code

Posted in News on Dec 30, 2024

Hackers have hijacked at least 16 popular Chrome extensions, exposing over 600,000 users to potential data theft. The attack targeted known extensions through a phishing campaign, allowing attackers to inject malicious code that stole sensitive information such as cookies and session tokens. Cybersecurity experts have identified a wide range of affected extensions, including those related to AI tools, VPNs, and productivity. This breach highlights the vulnerability of browser extensions and the need for better security practices.



Mastering Homework: A Guide to Effective Scheduling

Posted in Uncategorized on Jun 07, 2024

Learn how to schedule homework activities effectively to reduce stress, improve time management, and enhance academic performance



ValueError at / dictionary update sequence element #0 has length 1; 2 is required

Posted in Technical Solutions on Dec 20, 2021

ERROR: ValueError at / dictionary update sequence element #0 has length 1; 2 is required SOLUTION: This has a simple solution.



ACME now uses ZeroSSL, here is what you need to do for your CyberPanel

Posted in Technical Solutions on Jul 02, 2021

ACME now uses ZeroSSL, here is what you need to do for your CyberPanel.



Step by Step Guide for Django Installation on CyberPanel, Litespeed & uWSGI - #CyberPanel #LiteSpeed

Posted on Dec 28, 2021

Step by Step Guide for Django Installation on CyberPanel, Litespeed & uWSGI - #CyberPanel #SFARPak This tutorial explains steps by steps how to Install Django in CyberPanel. The CyberPanel works on the LiteSpeed server which has the fastest performance compared to other servers like Apache & NGINX.



Google Imagen 3 is Now Available for All Gemini Users

Posted in News on Oct 11, 2024

Google has once again pushed the boundaries of artificial intelligence with the release of Imagen 3, its most advanced image generation model to date. This powerful tool, now available to all users of Gemini, promises to revolutionize how we interact with AI-generated imagery by offering unmatched photorealism, vibrant colors, and enhanced control over prompts. But what exactly makes Imagen 3 stand out? Let's dive into all the exciting details of this cutting-edge technology



Meta's Fight Against Celebrity Investment Scam Ads with Facial Recognition Technology

Posted in News on Oct 23, 2024

Meta, the parent company of Facebook and Instagram, has taken significant steps in its ongoing battle against celebrity investment scam ads by leveraging facial recognition technology. These scam ads often involve deepfake images of celebrities like Gina Rinehart and Guy Sebastian, tricking users into believing false endorsements. This new initiative aims to quickly and accurately detect these fraudulent ads and remove them before they reach unsuspecting users.



The Role of Artificial Intelligence in Hollywood: Ben Affleck’s Perspective

Posted in News on Nov 26, 2024

Ben Affleck, the renowned actor and director, shared his perspective on artificial intelligence's role in Hollywood, emphasizing that AI can streamline laborious tasks but cannot replace human creativity. Speaking at CNBC’s Delivering Alpha 2024 summit, Affleck highlighted AI's limitations in originality and its inability to replicate the emotional depth achieved through human interaction. While optimistic about AI reducing filmmaking costs and democratizing the industry, he stressed its role as a tool, not a creator. Affleck’s nuanced insights provide a balanced view of AI as a complement to human creativity rather than a replacement.



World of Quantum Computing and Its Effects on Web Hosting and Domain Names

Posted in Uncategorized on Jul 11, 2024

Quantum computing is no longer a concept confined to the realm of theoretical physics; it has entered the mainstream, promising to revolutionize various industries. Among these, web hosting and domain name management stand to benefit significantly from the advancements in quantum computing. Quantum computers can process large datasets more efficiently, enabling faster data retrieval and processing. This can significantly reduce the time it takes to load websites, improving the overall user experience. Moreover, quantum encryption techniques offer enhanced protection, ensuring that sensitive data transmitted over the internet remains secure from cyber threats. As quantum computing continues to evolve, it is set to transform web hosting and domain management, making them more efficient, secure, and reliable.



The Ultimate Guide to WordPress Hosting 2024

Posted in Uncategorized on Jul 05, 2024

Unlock the full potential of your WordPress website with the ultimate guide to WordPress hosting! Discover the importance of choosing the right hosting, explore the different types of hosting options, and learn how to migrate and set up your WordPress site for success. Get the inside scoop on top hosting providers, advanced features, and troubleshooting tips. Whether you're a beginner or a seasoned pro, this guide has got you covered. Read now and take your website to the next level



How to Install Python Django 4.0 on Windows 10 or Windows 11

Posted on Jan 20, 2022

How to Install Python Django 4.0 on Windows 10 or Windows 11 This tutorial explains how to Install Django on Windows 10 or Windows 11.



Infinix Launches Its First-Ever Foldable Phone, the Zero Flip

Posted in News on Sep 28, 2024

In the ever-evolving world of smartphones, the competition for innovative and cutting-edge technology has become fierce. Enter Infinix, a brand known for delivering value-packed devices at competitive prices. Recently, Infinix made headlines by launching its first-ever foldable phone, the Infinix Zero Flip, marking the company's debut into the foldable smartphone arena. At just $600, this phone offers a great balance of performance, features, and affordability. In this article, we'll break down everything you need to know about the Infinix Zero Flip—its specs, design, features, and why it's turning heads in the smartphone industry.



The Manifest Hails AliTech Solutions as one of the Most Reviewed IT Services Companies in Pakistan

Posted on Jun 09, 2022

The Manifest Hails AliTech Solutions as one of the Most Reviewed IT Services Companies in Pakistan A robust IT infrastructure is one of the key components of a company’s success in today’s digital landscape. Thankfully, there are companies like AliTech Solutions that can help you with your IT needs. We’ve been in the industry for a while now and our team has managed to help hundreds of clients achieve their goals through our services.



AI-powered Web Hosting and Its Benefits

Posted in Uncategorized on Jul 10, 2024

AI-powered web hosting leverages artificial intelligence technologies to manage, optimize, and enhance traditional web hosting experiences. It offers unparalleled benefits such as enhanced performance and speed, improved security measures, efficient resource management, and intelligent traffic analysis. This type of hosting integrates AI to predict traffic patterns, dynamically allocate resources, and ensure superior website performance. Businesses adopting AI-powered web hosting can expect faster load times, automated threat detection, and scalable solutions that cater to growing needs. As AI technology continues to evolve, the future of web hosting looks promising, offering even more sophisticated and efficient solutions.



How an App on Your Smartwatch Could Help You Quit Smoking

Posted in News on Jan 02, 2025

Researchers at the University of Bristol have developed an innovative app for Android smartwatches to help smokers quit. The app detects specific hand movements associated with smoking and delivers supportive messages to the user, providing a gentle nudge to avoid lighting up



Webcam Hacking and Stalking: Myth or Reality?

Posted in News on Dec 25, 2024

Webcam hacking is a growing concern in the digital world, with hackers exploiting vulnerabilities in webcams to gain unauthorized access to private spaces. But how real is this threat, and should you be worried? From phishing emails to malware and Trojan horse programs, hackers are using various techniques to breach webcams and invade individuals' privacy. With real-life cases of webcam hacking and stalking on the rise, it's essential to understand the risks and take precautions to protect your privacy and security.




Other Blogs


Hackers Hijacked Chrome Extensions to Inject Malicious Code

Posted in News on Dec 30, 2024 and updated on Dec 30, 2024

Mastering Homework: A Guide to Effective Scheduling

Posted in Uncategorized on Jun 07, 2024 and updated on Jun 07, 2024

Google Imagen 3 is Now Available for All Gemini Users

Posted in News on Oct 11, 2024 and updated on Oct 11, 2024

The Role of Artificial Intelligence in Hollywood: Ben Affleck’s Perspective

Posted in News on Nov 26, 2024 and updated on Nov 26, 2024

The Ultimate Guide to WordPress Hosting 2024

Posted in Uncategorized on Jul 05, 2024 and updated on Jul 05, 2024

How to Install Python Django 4.0 on Windows 10 or Windows 11

Posted on Jan 20, 2022 and updated on Mar 17, 2022

Infinix Launches Its First-Ever Foldable Phone, the Zero Flip

Posted in News on Sep 28, 2024 and updated on Sep 28, 2024

AI-powered Web Hosting and Its Benefits

Posted in Uncategorized on Jul 10, 2024 and updated on Jul 10, 2024

How an App on Your Smartwatch Could Help You Quit Smoking

Posted in News on Jan 02, 2025 and updated on Jan 02, 2025

Webcam Hacking and Stalking: Myth or Reality?

Posted in News on Dec 25, 2024 and updated on Dec 25, 2024







Comments

Please sign in to comment!






Subscribe To Our Newsletter

Stay in touch with us to get latest news and discount coupons