Hackers Hijack Many New Company Accounts With Domain Names On Squarespace



Introduction

More than one dozen firms with domain names found across Squarespace witnessed their websites get hijacked recently. This incident highlights a critical flaw in domain security that needs immediate attention. Domain security is paramount as it protects the online identity and assets of businesses.

Background

In June of last year, Squarespace acquired assets belonging to Google Domains, encompassing nearly 10 million domain names. The acquisition aimed to streamline services and provide a unified platform for domain management. However, the migration process left several vulnerabilities exposed.

The Hijacking Incident

The domain hijacking incident lasted from July 9th to 12th, primarily targeting crypto-themed entities such as Celer Network and Pendle Finance. During this period, malicious hackers took advantage of the migration process's loopholes, leading to significant security breaches.

How the Hijacking Occurred

Hackers exploited a flaw in the migration process that allowed them to supply email IDs linked to a domain that was still under registration. Without proper email validation, attackers could easily create accounts linked to these domains, bypassing the need for passwords initially set by legitimate users.

Impact on Crypto-Themed Entities

The hijacking primarily affected crypto-themed entities, which are lucrative targets due to the substantial funds involved. Companies like Celer Network and Pendle Finance faced potential financial losses as their domain names were compromised, putting their users at risk.

Redirecting to Phishing Sites

Once the attackers gained control of the domains, they redirected them to phishing sites designed to steal crypto funds from visitors. This method is particularly dangerous as it exploits the trust users place in these platforms, leading to significant financial losses.

Squarespace's Response

In the wake of the incident, Squarespace opted to remain silent initially, offering no comments or statements regarding the attack. However, the company has since taken steps to address the vulnerabilities and prevent future incidents.

Expert Analysis

Cybersecurity experts have analyzed the incident, highlighting the flaws in Squarespace's migration process. The assumption that users would opt for 'Continue with Apple or Google' over 'Continue with email' proved to be a critical oversight.

Metamask's Insight

The head of Metamask explained how Squarespace never anticipated threat actors signing up for accounts linked to newly migrated domains before the legitimate email holders did. This oversight allowed attackers to exploit the system and hijack the domains.

Lack of Domain Activity Insights

One major concern is the absence of activity insights or audit logs for domains managed by Squarespace. Without these logs, it's challenging to detect and respond to unauthorized actions, making domains vulnerable to hijacking without any alerts being sent.

Further Exploitation Risks

The lack of robust security measures means that future exploitation risks remain high. It's crucial for Squarespace and other domain management platforms to implement stricter security protocols to safeguard their users' assets.

Steps for Affected Users

For users affected by the hijacking, immediate actions include enabling two-factor authentication, reviewing and removing unnecessary contributor accounts, and reverting unauthorized changes. Long-term security practices should involve regular monitoring of domain activity and employing strong, unique passwords.

Preventing Future Attacks

To prevent future attacks, Squarespace must improve its security measures, including mandatory email validation and comprehensive audit logs. Users should also be vigilant and proactive in securing their domains, using robust security tools and practices.

Conclusion

The recent domain hijacking incident at Squarespace serves as a stark reminder of the importance of domain security. By addressing the vulnerabilities and implementing stronger security measures, both Squarespace and its users can better protect their online assets and identities.

FAQs

How did the hackers exploit the flaw?

Hackers exploited a flaw in the migration process by supplying email IDs linked to domains that were still under registration, allowing them to create accounts without proper validation.

Which companies were most affected?

Crypto-themed entities like Celer Network and Pendle Finance were among the most affected, facing potential financial losses due to the hijacking.

What steps should users take now?

Affected users should enable two-factor authentication, review and remove unnecessary contributor accounts, revert unauthorized changes, and regularly monitor their domain activity.

How can future domain hijackings be prevented?

Future hijackings can be prevented by implementing stricter security measures, such as mandatory email validation, comprehensive audit logs, and robust monitoring tools.

What changes has Squarespace implemented post-attack?

Squarespace has started disallowing the creation of new accounts using only an email address and is likely working on further security enhancements to prevent similar incidents in the future.

Tags: Hackers Hijack Company Accounts, Squarespace Domain Hijacking, Cybersecurity Incident, Crypto-Themed Entities, Domain Security Flaws, Google Domains Acquisition, Phishing Attacks, Domain Migration Vulnerabilities, Email Validation Issues, Cybersecurity Measures, Two-Factor Authentication, Domain Management Security, Squarespace Response, Protecting Online Assets, Cybersecurity Best Practices

Read more : https://www.hostingbyalitech.com/blog

Alitech Blog

Posted in Uncategorized on Jul 19, 2024



Google Imagen 3 is Now Available for All Gemini Users

Posted in News on Oct 11, 2024

Google has once again pushed the boundaries of artificial intelligence with the release of Imagen 3, its most advanced image generation model to date. This powerful tool, now available to all users of Gemini, promises to revolutionize how we interact with AI-generated imagery by offering unmatched photorealism, vibrant colors, and enhanced control over prompts. But what exactly makes Imagen 3 stand out? Let's dive into all the exciting details of this cutting-edge technology



[SOLVED / FIXED ] snapd error: cannot communicate with server: Post http://localhost/v2/snaps/core

Posted in Technical Solutions on Apr 15, 2022

[SOLVED / FIXED ] error: cannot communicate with server: Post http://localhost/v2/snaps/core



Why Telegram CEO Pavel Durov Was Arrested in Paris: The Full Story

Posted in News on Aug 27, 2024

In the fast-evolving world of digital communication, Pavel Durov stands out as a relentless advocate for user privacy. As the founder of VKontakte and Telegram, Durov has consistently prioritized encryption and user control over data. This commitment has made him a controversial figure, especially in the eyes of governments that demand access to user information. The ongoing tension between privacy and security is embodied in Durov's journey, raising critical questions about the future of free speech and the ethical responsibilities of tech companies. What happens when the defender of digital privacy himself becomes a target?



Apple Is Developing a Doorbell That Unlocks With Your Face, Report Says

Posted in News on Dec 24, 2024

Apple is reportedly developing a revolutionary smart doorbell with Face ID, allowing it to unlock your door by recognizing your face. This innovative device is expected to integrate seamlessly with Apple's growing smart home ecosystem, including upcoming security cameras and a new smart home hub. With a potential release date in late 2025, Apple aims to challenge Amazon and Google in the smart home market by prioritizing privacy and user experience.



[SOLVED / FIXED] mysqlclient ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.

Posted on Jun 09, 2022

[SOLVED / FIXED] mysqlclient ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.



Elon Musk’s xAI Plans to Create Video Games with an AI-Driven Studio

Posted in News on Nov 28, 2024

Elon Musk is expanding xAI's focus by venturing into video game development, aiming to challenge industry norms he finds overly corporate and politically influenced. Leveraging generative AI, Musk envisions creating innovative, immersive games while reducing development costs and timelines. With a deep-rooted passion for gaming and access to significant AI resources, Musk's bold initiative seeks to redefine game development, though it faces challenges in competing with established studios and navigating the high costs of AAA production.



Mastering Multi-Server Management and Enhanced Web Security

Posted in Uncategorized on Jul 08, 2024

Managing multiple servers and ensuring robust web security are crucial in today’s digital landscape. This comprehensive guide explores the benefits and processes of multi-server management, including the use of CloudFlare for enhanced performance, CodeGuard for automated backups, and SiteLock for comprehensive security. Learn how to add various hosting services to your account, implement advanced security features, and protect your domain and data effectively. Enhance your website's reliability, scalability, and performance with these essential strategies.



[SOLVED / FIXED] DataError: (1406, "Data too long for column 'name' at row 1")

Posted in Technical Solutions on Sep 14, 2022

DataError: (1406, "Data too long for column 'name' at row 1") Error: DataError: (1406, "Data too long for column 'name' at row 1") Problem Statement: When creating a Slug in Django Model with Slugify this error populates. Solution:



[Tips] Change Python Django Superuser password

Posted in Technical Solutions on May 06, 2022

[Tips] Change Python Django Superuser password



How to Install Remote Desktop (RDP) on CentOS 7

Posted in Technical Solutions on Aug 26, 2022

How to Install Remote Desktop (RDP) on CentOS 7 How to install XRDP



Brazil Lifts Ban on X After Elon Musk Pays $5M Fine

Posted in News on Oct 09, 2024

In a major development in Brazil’s tech and social media landscape, the country’s Supreme Court recently lifted a ban on X, the platform formerly known as Twitter. This decision came after a long standoff between the platform, owned by billionaire entrepreneur Elon Musk, and the Brazilian government over issues of disinformation and legal compliance. Musk’s company, X, paid a hefty $5 million fine and complied with court orders, which has led to the platform’s reinstatement in the country. This article delves into the reasons behind the ban, Musk’s response, and how the situation has unfolded, ultimately leading to X’s return to one of its most significant markets.



LinkedIn's New AI Hiring Assistant: A Game-Changer for Recruiters?

Posted in Jobs, News on Oct 30, 2024

LinkedIn, the go-to social platform for professional networking, job hunting, and skill-building, has recently unveiled its latest venture into the world of artificial intelligence with a new tool called the “Hiring Assistant.” This powerful AI agent aims to revolutionize how companies find and hire talent by taking on repetitive recruitment tasks. But what exactly does the Hiring Assistant do, and how will it impact recruiters and candidates alike? Let's dive into the details of LinkedIn’s new AI-driven hiring solution.



Everything You Need to Know About Meta Connect 2024

Posted in News on Sep 23, 2024

Meta Connect 2024, happening from September 25 to 26, promises to be a groundbreaking event in the world of augmented and virtual reality. Attendees can expect exciting announcements, including the anticipated Quest 3S headset, which aims to offer a more affordable VR experience, and the innovative Orion AR glasses designed for seamless augmented reality interactions. In addition to hardware, the conference will highlight advancements in artificial intelligence, potentially unveiling an upgraded version of the Llama language model to enhance user experiences across Meta’s platforms. With live-streamed keynotes and developer sessions, Meta Connect 2024 is set to shape the future of technology and the metaverse, making it a must-watch event for enthusiasts and developers alike.



Choosing an SEO-Friendly Domain Name

Posted in Uncategorized on Jul 30, 2024

Choosing an SEO-friendly domain name is crucial for your website's success. This comprehensive guide explores the importance of domain names in SEO, provides actionable tips for selecting the best domain, and shares strategies to enhance your domain's SEO performance. Discover how to pick the right keywords, the benefits of short and simple domain names, and the role of trustworthy domain extensions. Learn how to create valuable content, build backlinks, and brand your domain effectively. Get insights into competitor domain analysis and whether you need to change your domain name for better SEO results.



11 Million Devices Infected with Botnet Malware Hosted in Google Play: A Detailed Overview

Posted in News on Sep 24, 2024

Recently, Necro malware has made headlines after infecting over 11 million devices through seemingly legitimate apps on Google Play, such as Wuta Camera and Max Browser. This malware utilizes advanced techniques like steganography, embedding malicious code within harmless-looking files to evade detection. Its modular design allows it to perform various malicious actions, including displaying intrusive ads and facilitating subscription fraud without users' knowledge. With the alarming resurgence of Necro, it’s crucial for users to remain vigilant, regularly update their security measures, and uninstall any suspicious applications to protect their devices from this sophisticated threat.



[SOLVED / FIXED] django.core.exceptions.ImproperlyConfigured: Requested setting AUTH_USER_MODEL

Posted on Mar 27, 2022

[SOLVED / FIXED] django.core.exceptions.ImproperlyConfigured: Requested setting AUTH_USER_MODEL ERROR / PROBLEM: Starting the Python Shell in the terminal inside virtual environment.



Graykey and Its Limitations: Insights from Leaked Documents

Posted in News on Nov 20, 2024

Graykey, a forensic tool used to unlock smartphones, is facing challenges with newer devices. Leaked documents reveal it can only partially unlock iPhones running iOS 18, accessing limited data like unencrypted files and metadata. Its performance on Android devices, such as Google Pixel phones, is also limited by device states. This highlights the ongoing battle between tech companies enhancing security and forensic tools trying to keep up, raising questions about privacy and access in the digital age.



ValueError at / dictionary update sequence element #0 has length 1; 2 is required

Posted in Technical Solutions on Dec 20, 2021

ERROR: ValueError at / dictionary update sequence element #0 has length 1; 2 is required SOLUTION: This has a simple solution.




Other Blogs


Google Imagen 3 is Now Available for All Gemini Users

Posted in News on Oct 11, 2024 and updated on Oct 11, 2024

Why Telegram CEO Pavel Durov Was Arrested in Paris: The Full Story

Posted in News on Aug 27, 2024 and updated on Aug 27, 2024

Apple Is Developing a Doorbell That Unlocks With Your Face, Report Says

Posted in News on Dec 24, 2024 and updated on Dec 24, 2024

Elon Musk’s xAI Plans to Create Video Games with an AI-Driven Studio

Posted in News on Nov 28, 2024 and updated on Nov 28, 2024

Mastering Multi-Server Management and Enhanced Web Security

Posted in Uncategorized on Jul 08, 2024 and updated on Jul 08, 2024

[Tips] Change Python Django Superuser password

Posted in Technical Solutions on May 06, 2022 and updated on May 07, 2022

How to Install Remote Desktop (RDP) on CentOS 7

Posted in Technical Solutions on Aug 26, 2022 and updated on Aug 26, 2022

Brazil Lifts Ban on X After Elon Musk Pays $5M Fine

Posted in News on Oct 09, 2024 and updated on Oct 09, 2024

LinkedIn's New AI Hiring Assistant: A Game-Changer for Recruiters?

Posted in Jobs, News on Oct 30, 2024 and updated on Oct 30, 2024

Everything You Need to Know About Meta Connect 2024

Posted in News on Sep 23, 2024 and updated on Sep 23, 2024

Choosing an SEO-Friendly Domain Name

Posted in Uncategorized on Jul 30, 2024 and updated on Jul 30, 2024

Graykey and Its Limitations: Insights from Leaked Documents

Posted in News on Nov 20, 2024 and updated on Nov 20, 2024







Comments

Please sign in to comment!






Subscribe To Our Newsletter

Stay in touch with us to get latest news and discount coupons