Hackers Hijack Many New Company Accounts With Domain Names On Squarespace



Introduction

More than one dozen firms with domain names found across Squarespace witnessed their websites get hijacked recently. This incident highlights a critical flaw in domain security that needs immediate attention. Domain security is paramount as it protects the online identity and assets of businesses.

Background

In June of last year, Squarespace acquired assets belonging to Google Domains, encompassing nearly 10 million domain names. The acquisition aimed to streamline services and provide a unified platform for domain management. However, the migration process left several vulnerabilities exposed.

The Hijacking Incident

The domain hijacking incident lasted from July 9th to 12th, primarily targeting crypto-themed entities such as Celer Network and Pendle Finance. During this period, malicious hackers took advantage of the migration process's loopholes, leading to significant security breaches.

How the Hijacking Occurred

Hackers exploited a flaw in the migration process that allowed them to supply email IDs linked to a domain that was still under registration. Without proper email validation, attackers could easily create accounts linked to these domains, bypassing the need for passwords initially set by legitimate users.

Impact on Crypto-Themed Entities

The hijacking primarily affected crypto-themed entities, which are lucrative targets due to the substantial funds involved. Companies like Celer Network and Pendle Finance faced potential financial losses as their domain names were compromised, putting their users at risk.

Redirecting to Phishing Sites

Once the attackers gained control of the domains, they redirected them to phishing sites designed to steal crypto funds from visitors. This method is particularly dangerous as it exploits the trust users place in these platforms, leading to significant financial losses.

Squarespace's Response

In the wake of the incident, Squarespace opted to remain silent initially, offering no comments or statements regarding the attack. However, the company has since taken steps to address the vulnerabilities and prevent future incidents.

Expert Analysis

Cybersecurity experts have analyzed the incident, highlighting the flaws in Squarespace's migration process. The assumption that users would opt for 'Continue with Apple or Google' over 'Continue with email' proved to be a critical oversight.

Metamask's Insight

The head of Metamask explained how Squarespace never anticipated threat actors signing up for accounts linked to newly migrated domains before the legitimate email holders did. This oversight allowed attackers to exploit the system and hijack the domains.

Lack of Domain Activity Insights

One major concern is the absence of activity insights or audit logs for domains managed by Squarespace. Without these logs, it's challenging to detect and respond to unauthorized actions, making domains vulnerable to hijacking without any alerts being sent.

Further Exploitation Risks

The lack of robust security measures means that future exploitation risks remain high. It's crucial for Squarespace and other domain management platforms to implement stricter security protocols to safeguard their users' assets.

Steps for Affected Users

For users affected by the hijacking, immediate actions include enabling two-factor authentication, reviewing and removing unnecessary contributor accounts, and reverting unauthorized changes. Long-term security practices should involve regular monitoring of domain activity and employing strong, unique passwords.

Preventing Future Attacks

To prevent future attacks, Squarespace must improve its security measures, including mandatory email validation and comprehensive audit logs. Users should also be vigilant and proactive in securing their domains, using robust security tools and practices.

Conclusion

The recent domain hijacking incident at Squarespace serves as a stark reminder of the importance of domain security. By addressing the vulnerabilities and implementing stronger security measures, both Squarespace and its users can better protect their online assets and identities.

FAQs

How did the hackers exploit the flaw?

Hackers exploited a flaw in the migration process by supplying email IDs linked to domains that were still under registration, allowing them to create accounts without proper validation.

Which companies were most affected?

Crypto-themed entities like Celer Network and Pendle Finance were among the most affected, facing potential financial losses due to the hijacking.

What steps should users take now?

Affected users should enable two-factor authentication, review and remove unnecessary contributor accounts, revert unauthorized changes, and regularly monitor their domain activity.

How can future domain hijackings be prevented?

Future hijackings can be prevented by implementing stricter security measures, such as mandatory email validation, comprehensive audit logs, and robust monitoring tools.

What changes has Squarespace implemented post-attack?

Squarespace has started disallowing the creation of new accounts using only an email address and is likely working on further security enhancements to prevent similar incidents in the future.

Tags: Hackers Hijack Company Accounts, Squarespace Domain Hijacking, Cybersecurity Incident, Crypto-Themed Entities, Domain Security Flaws, Google Domains Acquisition, Phishing Attacks, Domain Migration Vulnerabilities, Email Validation Issues, Cybersecurity Measures, Two-Factor Authentication, Domain Management Security, Squarespace Response, Protecting Online Assets, Cybersecurity Best Practices

Read more : https://www.hostingbyalitech.com/blog

Alitech Blog

Posted in Uncategorized on Jul 19, 2024



The Future of AI and Cloud Computing: A Global Perspective

Posted on Oct 03, 2024

Cloud computing and artificial intelligence (AI) are transforming the technological landscape at an unprecedented pace. These two forces have become vital for businesses aiming to scale, innovate, and stay competitive in a digital-first world. As major corporations like Microsoft, Google, and Oracle make significant investments in cloud infrastructure and AI capabilities, it's clear that these technologies will shape the future of industries worldwide. In this article, we'll dive deep into the latest developments in AI and cloud computing, with a focus on global investments, emerging technologies, and the impact on businesses across different regions.



WordPress Cofounder Asks Court to Dismiss WP Engine’s Lawsuit

Posted in News on Nov 01, 2024

WordPress cofounder Matt Mullenweg, along with Automattic, has moved to dismiss a lawsuit filed by WP Engine that alleges defamation, extortion, and trademark infringement. WP Engine’s claims arise from Mullenweg’s criticism of the company’s contributions to WordPress and his decision to restrict its access to WordPress.org resources. Mullenweg counters that WP Engine has no legal right to these resources, describing the company’s reliance on WordPress.org as a “risky decision” made without a backup plan. This high-stakes case has stirred concerns within the WordPress community about the implications for other developers and businesses relying on the platform’s open-source ecosystem.



Blessed Friday Sale in Pakistan 2024

Posted in News on Nov 22, 2024

The Blessed Friday Sale 2024 in Pakistan offers incredible discounts across various categories, including clothing, electronics, footwear, and accessories. Renowned brands like Gul Ahmed, Nishat Linen, Engine, and Stylo are providing flat discounts ranging from 25% to 80%. Tech enthusiasts can explore exciting deals on gadgets from Audionic, Samsung, and Dany Tech, while fashion lovers can shop trendy collections at Breakout, Cougar Clothing, and Cambridge. With options for men, women, and kids, this shopping event is perfect for upgrading your wardrobe or grabbing tech essentials. Don't miss out—shop these amazing offers from top brands online or in stores!



Khan Academy Brings AI Tutor 'Khanmigo' to Pakistan: Revolutionizing Education

Posted in News on Dec 27, 2024

Khan Academy Pakistan (KAP) has launched an innovative AI-powered tutor, Khanmigo, to revolutionize education in Pakistan. This cutting-edge tool aims to enhance student learning and provide crucial support to teachers. With personalized assistance for students and resources like automated lesson planning for teachers, Khanmigo is set to address Pakistan’s educational challenges. The tool is available in multiple languages, ensuring accessibility across diverse regions. By offering world-class, localized education, Khan Academy Pakistan is helping bridge gaps in literacy, numeracy, and access to quality education for millions of students across the country.



Apple's New AirPods are Also Hearing Aids

Posted in News on Sep 10, 2024

Apple's latest AirPods Pro 2 aren’t just wireless headphones—they now double as clinical-grade hearing aids. This innovation could revolutionize how people with mild to moderate hearing loss access care. With a built-in hearing test and machine learning technology, these AirPods can adjust sound frequencies in real-time, making conversations clearer and enhancing the overall listening experience. At $249, they’re also a much more affordable option compared to traditional hearing aids, making hearing assistance accessible to a broader audience. However, they do have limitations, including shorter battery life and unsuitability for severe hearing loss.



Can Renewable Energy Really Fix the Global Energy Crisis?

Posted in News on Jan 10, 2025

Renewable energy offers a transformative potential to address the global energy crisis by leveraging sustainable resources like solar, wind, and hydropower. While advancements in technology and infrastructure have made clean energy more accessible and affordable, challenges such as intermittency, high initial costs, and outdated grids remain. Innovations like battery energy storage, decentralized grids, and agrivoltaics are helping to overcome these hurdles, paving the way for a greener, more reliable energy future. However, a comprehensive approach combining renewable energy, policy support, and technological breakthroughs is essential to create a sustainable and resilient global energy system.



Start Saving Now

Posted in Hosting Promotions on Jan 29, 2021

Now you host your website at very low cost and save big. HostingbyAliTech is offering you litespeed web hosting at $0.45 per month. Whats a Big deal? Get web hosting services now and save your money.



Google Imagen 3 is Now Available for All Gemini Users

Posted in News on Oct 11, 2024

Google has once again pushed the boundaries of artificial intelligence with the release of Imagen 3, its most advanced image generation model to date. This powerful tool, now available to all users of Gemini, promises to revolutionize how we interact with AI-generated imagery by offering unmatched photorealism, vibrant colors, and enhanced control over prompts. But what exactly makes Imagen 3 stand out? Let's dive into all the exciting details of this cutting-edge technology



[SOLVED / FIXED] Kubesphere request to http //ks-apiserver/oauth/token failed

Posted in Technical Solutions on Jul 17, 2022

[SOLVED / FIXED] Kubesphere request to http //ks-apiserver/oauth/token failed



TikTok is one of Microsoft’s Biggest AI Cloud Computing Customers

Posted in Uncategorized on Aug 01, 2024

In this article, we delve into the significant partnership between TikTok and Microsoft, highlighting how TikTok's substantial investment in Microsoft's AI cloud services has influenced both companies. Discover the financial details, technological advancements, and future implications of this collaboration, as well as the potential risks and benefits for both TikTok and Microsoft in the rapidly evolving AI landscape.



Breaking! NFTs Coming to Instagram-META-Facebook Mark Zuckerberg - 2022

Posted in News on Mar 24, 2022

NFTs Coming to Instagram Soon, Says META - Facebook CEO Mark Zuckerberg According to news reports, Zuckerberg said, “We’re working...



General Motors (GM) Lays Off Over 1,000 Salaried Software, Services Employees

Posted in News on Aug 20, 2024

General Motors (GM) has announced the layoff of over 1,000 salaried employees from its software and services divisions, signaling a major shift in its strategic focus. The cuts, affecting both domestic and international positions, come as GM aims to streamline operations and prioritize high-impact projects such as enhancing its Super Cruise driver assistance system and exploring artificial intelligence. This move follows a review after the departure of former executive Mike Abbott and reflects GM's broader push towards innovation in the rapidly evolving automotive sector.



Cheap Web Hosting in Pakistan: Your Ultimate Guide

Posted in Hosting Promotions on Jun 07, 2024

Looking for affordable web hosting solutions in Pakistan? Dive into our comprehensive guide to find the best options for your website without breaking the bank.



How to Install Remote Desktop (RDP) on CentOS 7

Posted in Technical Solutions on Aug 26, 2022

How to Install Remote Desktop (RDP) on CentOS 7 How to install XRDP



NASA Offers $3 Million Prize to Help Solve a Huge Problem in Moon Missions

Posted in News on Oct 18, 2024

NASA is gearing up for long-term missions on the Moon, but a significant challenge has surfaced—how to handle the waste produced in space. To address this, NASA is offering up to $3 million to those who can help solve this growing problem. The LunaRecycle Challenge aims to develop innovative waste management solutions that can reduce solid waste and enhance the sustainability of lunar missions.



[SOLVED / FIXED] node is not recognised as internal command

Posted in Technical Solutions on Jul 13, 2022

[SOLVED / FIXED] node is not recognised as internal command



Generative AI Could Cause 10 Billion iPhones’ Worth of E-Waste Per Year by 2030

Posted in News on Oct 29, 2024

As generative AI technology continues to advance at breakneck speed, researchers warn that the resulting e-waste could be staggering—potentially exceeding the equivalent of 10 billion discarded iPhones annually by 2030. A study by Cambridge University and the Chinese Academy of Sciences predicts that e-waste from AI could soar from approximately 2.6 thousand tons in 2023 to between 400 kilotons and 2.5 million tons in just a few years. This surge highlights the urgent need for proactive measures to manage electronic waste effectively, from implementing circular economy strategies to promoting sustainability in tech practices. The challenge is significant, but with collective action from industry leaders, policymakers, and consumers, we can mitigate the environmental impact of this rapidly evolving technology and pave the way for a greener future.



ValueError at / dictionary update sequence element #0 has length 1; 2 is required

Posted in Technical Solutions on Dec 20, 2021

ERROR: ValueError at / dictionary update sequence element #0 has length 1; 2 is required SOLUTION: This has a simple solution.




Other Blogs


The Future of AI and Cloud Computing: A Global Perspective

Posted on Oct 03, 2024 and updated on Oct 03, 2024

WordPress Cofounder Asks Court to Dismiss WP Engine’s Lawsuit

Posted in News on Nov 01, 2024 and updated on Nov 01, 2024

Blessed Friday Sale in Pakistan 2024

Posted in News on Nov 22, 2024 and updated on Nov 22, 2024

Khan Academy Brings AI Tutor 'Khanmigo' to Pakistan: Revolutionizing Education

Posted in News on Dec 27, 2024 and updated on Dec 27, 2024

Apple's New AirPods are Also Hearing Aids

Posted in News on Sep 10, 2024 and updated on Sep 10, 2024

Can Renewable Energy Really Fix the Global Energy Crisis?

Posted in News on Jan 10, 2025 and updated on Jan 10, 2025

Start Saving Now

Posted in Hosting Promotions on Jan 29, 2021 and updated on Jan 30, 2021

Google Imagen 3 is Now Available for All Gemini Users

Posted in News on Oct 11, 2024 and updated on Oct 11, 2024

TikTok is one of Microsoft’s Biggest AI Cloud Computing Customers

Posted in Uncategorized on Aug 01, 2024 and updated on Aug 01, 2024

Breaking! NFTs Coming to Instagram-META-Facebook Mark Zuckerberg - 2022

Posted in News on Mar 24, 2022 and updated on Mar 24, 2022

General Motors (GM) Lays Off Over 1,000 Salaried Software, Services Employees

Posted in News on Aug 20, 2024 and updated on Aug 20, 2024

Cheap Web Hosting in Pakistan: Your Ultimate Guide

Posted in Hosting Promotions on Jun 07, 2024 and updated on Jun 07, 2024

How to Install Remote Desktop (RDP) on CentOS 7

Posted in Technical Solutions on Aug 26, 2022 and updated on Aug 26, 2022

NASA Offers $3 Million Prize to Help Solve a Huge Problem in Moon Missions

Posted in News on Oct 18, 2024 and updated on Oct 18, 2024

[SOLVED / FIXED] node is not recognised as internal command

Posted in Technical Solutions on Jul 13, 2022 and updated on Jul 13, 2022

Generative AI Could Cause 10 Billion iPhones’ Worth of E-Waste Per Year by 2030

Posted in News on Oct 29, 2024 and updated on Oct 29, 2024

Blessed Friday Sale in Pakistan 2024

Posted in News on Nov 22, 2024

Start Saving Now

Posted in Hosting Promotions on Jan 29, 2021

Blessed Friday Sale in Pakistan 2024

Posted in News on Nov 22, 2024

Start Saving Now

Posted in Hosting Promotions on Jan 29, 2021







Comments

Please sign in to comment!






Subscribe To Our Newsletter

Stay in touch with us to get latest news and discount coupons