Hackers Hijack Many New Company Accounts With Domain Names On Squarespace



Introduction

More than one dozen firms with domain names found across Squarespace witnessed their websites get hijacked recently. This incident highlights a critical flaw in domain security that needs immediate attention. Domain security is paramount as it protects the online identity and assets of businesses.

Background

In June of last year, Squarespace acquired assets belonging to Google Domains, encompassing nearly 10 million domain names. The acquisition aimed to streamline services and provide a unified platform for domain management. However, the migration process left several vulnerabilities exposed.

The Hijacking Incident

The domain hijacking incident lasted from July 9th to 12th, primarily targeting crypto-themed entities such as Celer Network and Pendle Finance. During this period, malicious hackers took advantage of the migration process's loopholes, leading to significant security breaches.

How the Hijacking Occurred

Hackers exploited a flaw in the migration process that allowed them to supply email IDs linked to a domain that was still under registration. Without proper email validation, attackers could easily create accounts linked to these domains, bypassing the need for passwords initially set by legitimate users.

Impact on Crypto-Themed Entities

The hijacking primarily affected crypto-themed entities, which are lucrative targets due to the substantial funds involved. Companies like Celer Network and Pendle Finance faced potential financial losses as their domain names were compromised, putting their users at risk.

Redirecting to Phishing Sites

Once the attackers gained control of the domains, they redirected them to phishing sites designed to steal crypto funds from visitors. This method is particularly dangerous as it exploits the trust users place in these platforms, leading to significant financial losses.

Squarespace's Response

In the wake of the incident, Squarespace opted to remain silent initially, offering no comments or statements regarding the attack. However, the company has since taken steps to address the vulnerabilities and prevent future incidents.

Expert Analysis

Cybersecurity experts have analyzed the incident, highlighting the flaws in Squarespace's migration process. The assumption that users would opt for 'Continue with Apple or Google' over 'Continue with email' proved to be a critical oversight.

Metamask's Insight

The head of Metamask explained how Squarespace never anticipated threat actors signing up for accounts linked to newly migrated domains before the legitimate email holders did. This oversight allowed attackers to exploit the system and hijack the domains.

Lack of Domain Activity Insights

One major concern is the absence of activity insights or audit logs for domains managed by Squarespace. Without these logs, it's challenging to detect and respond to unauthorized actions, making domains vulnerable to hijacking without any alerts being sent.

Further Exploitation Risks

The lack of robust security measures means that future exploitation risks remain high. It's crucial for Squarespace and other domain management platforms to implement stricter security protocols to safeguard their users' assets.

Steps for Affected Users

For users affected by the hijacking, immediate actions include enabling two-factor authentication, reviewing and removing unnecessary contributor accounts, and reverting unauthorized changes. Long-term security practices should involve regular monitoring of domain activity and employing strong, unique passwords.

Preventing Future Attacks

To prevent future attacks, Squarespace must improve its security measures, including mandatory email validation and comprehensive audit logs. Users should also be vigilant and proactive in securing their domains, using robust security tools and practices.

Conclusion

The recent domain hijacking incident at Squarespace serves as a stark reminder of the importance of domain security. By addressing the vulnerabilities and implementing stronger security measures, both Squarespace and its users can better protect their online assets and identities.

FAQs

How did the hackers exploit the flaw?

Hackers exploited a flaw in the migration process by supplying email IDs linked to domains that were still under registration, allowing them to create accounts without proper validation.

Which companies were most affected?

Crypto-themed entities like Celer Network and Pendle Finance were among the most affected, facing potential financial losses due to the hijacking.

What steps should users take now?

Affected users should enable two-factor authentication, review and remove unnecessary contributor accounts, revert unauthorized changes, and regularly monitor their domain activity.

How can future domain hijackings be prevented?

Future hijackings can be prevented by implementing stricter security measures, such as mandatory email validation, comprehensive audit logs, and robust monitoring tools.

What changes has Squarespace implemented post-attack?

Squarespace has started disallowing the creation of new accounts using only an email address and is likely working on further security enhancements to prevent similar incidents in the future.

Tags: Hackers Hijack Company Accounts, Squarespace Domain Hijacking, Cybersecurity Incident, Crypto-Themed Entities, Domain Security Flaws, Google Domains Acquisition, Phishing Attacks, Domain Migration Vulnerabilities, Email Validation Issues, Cybersecurity Measures, Two-Factor Authentication, Domain Management Security, Squarespace Response, Protecting Online Assets, Cybersecurity Best Practices

Read more : https://www.hostingbyalitech.com/blog

Alitech Blog

Posted in Uncategorized on Jul 19, 2024



OpenAI Just Announced New AI Features: Key Takeaways from DevDay

Posted in News on Oct 02, 2024

OpenAI has once again made headlines with a series of groundbreaking announcements at its recent developer event, DevDay. These updates promise to change the way developers and entrepreneurs build AI-powered products. Whether you're working on a new voice assistant or simply trying to optimize API usage, these new features will play a pivotal role in enhancing the performance and accessibility of AI technologies. In this article, we’ll break down everything you need to know about the new tools and capabilities OpenAI announced. From AI voice assistants to cutting-edge API updates, these innovations are setting the stage for the future of AI.



[Tutorial] Installing Kubernetes Manually

Posted in Technical Solutions on May 01, 2022

[Tutorial] Installing Kubernetes Manually 1. Letting iptables see bridged traffic



IBM Develops AI Agents to Automate Software Engineering Tasks

Posted in News on Nov 08, 2024

Get ready to revolutionize software development with AI! IBM's latest innovation uses AI agents to automate tasks, improve code quality, and streamline development. Discover how AI-driven software development can transform industries and change the game



Firewall in Pakistan: Restricting Online Freedom and Access 2024

Posted in News on Aug 19, 2024

Pakistan's government is set to implement a nationwide firewall, sparking concerns about internet censorship and restrictions on online dissent. The firewall will monitor and control internet usage, targeting social media platforms and regulating VPNs. With a history of internet restrictions, this move raises questions about the future of free expression and democratic engagement in Pakistan. Key Points: Pakistan's national firewall will control access to social media platforms and monitor online activities The firewall aims to track and control internet usage, including VPNs Lack of transparency surrounding the project's scope and implications International concerns about the impact on freedom of expression and democratic principles Experts warn of potential risks to online privacy and security Read the full article to learn more about Pakistan's national firewall and its implications for internet freedom.



Cheap Web Hosting in Pakistan: Your Ultimate Guide

Posted in Hosting Promotions on Jun 07, 2024

Looking for affordable web hosting solutions in Pakistan? Dive into our comprehensive guide to find the best options for your website without breaking the bank.



Free Backlinks by Guest posts on HostingbyAliTech

Posted in Hosting Promotions, News on Jan 26, 2021

Free Backlinks by Guest posts on HostingbyAliTech We are announcing an exciting news!!! Now you can get free backlinks just by creating account on HostingbyAliTech and creating guest post.



The Pros and Cons of Using a Free Web Hosting Service

Posted in Uncategorized on Jul 26, 2024

Choosing the right web hosting service is crucial for your online presence. Free web hosting might seem appealing, especially for startups and personal projects, but it's important to weigh its benefits and drawbacks. While cost-effective and user-friendly, free web hosting often comes with limitations in resources, performance, and security. Understanding these pros and cons can help you decide if free web hosting is the right choice for your website.



AliTech Python Django Hosting: Unleash Extreme Performance for Your Web Projects

Posted in About Hosting by AliTech on Aug 21, 2024

Discover why AliTech's Python Django Hosting stands out for developers seeking extreme performance and reliability. With plans featuring SSD storage, instant provisioning, and guaranteed resources, AliTech provides the ideal environment for your Django applications. Whether you're starting with the Bronze plan or scaling up to Titanium, explore how AliTech’s hosting solutions offer unmatched speed, flexibility, and control to power your web projects.



The Ultimate Guide to Different Types of Web Hosting

Posted in Uncategorized on Jun 24, 2024

Choosing the right web hosting service can be overwhelming, but understanding the differences between shared hosting, VPS hosting, Wordpress hosting, reseller hosting, and cloud hosting can help. Learn about the pros and cons of each option and make an informed decision for your website's needs.



Apple's New AirPods are Also Hearing Aids

Posted in News on Sep 10, 2024

Apple's latest AirPods Pro 2 aren’t just wireless headphones—they now double as clinical-grade hearing aids. This innovation could revolutionize how people with mild to moderate hearing loss access care. With a built-in hearing test and machine learning technology, these AirPods can adjust sound frequencies in real-time, making conversations clearer and enhancing the overall listening experience. At $249, they’re also a much more affordable option compared to traditional hearing aids, making hearing assistance accessible to a broader audience. However, they do have limitations, including shorter battery life and unsuitability for severe hearing loss.



Ghost Framework: A Comprehensive Guide

Posted in Uncategorized on Sep 11, 2024

Ghost Framework is a powerful and flexible PHP framework designed for building robust and scalable web applications. With its modular design and MVC architecture, Ghost Framework enables developers to build applications in a structured and organized way. In this comprehensive guide, we'll explore the features and benefits of Ghost Framework, and provide a step-by-step tutorial on getting started with the framework. Whether you're a seasoned PHP developer or just starting out, Ghost Framework is an ideal choice for building fast, secure, and reliable web applications



Qualcomm's Snapdragon 8 Elite: A Game Changer in Mobile Processing

Posted in News on Oct 22, 2024

Qualcomm has unveiled its Snapdragon 8 Elite chip, marking a significant advancement in mobile technology. This new chip features the custom-designed Oryon CPU, built on a 3nm process node, which provides a 45% increase in performance compared to its predecessor, the Snapdragon 8 Gen 3, while consuming 27% less power. For gamers, the Snapdragon 8 Elite promises a 40% boost in gaming performance, enabling smoother graphics and faster response times. Enhanced AI capabilities mean improved photography and smarter app interactions, making low-light shots and real-time image processing much more effective. With new smartphones from brands like Samsung and OnePlus set to launch soon, the Snapdragon 8 Elite is set to redefine the mobile experience, offering users unprecedented power and efficiency.



Blessed Friday Sale in Pakistan 2024

Posted in News on Nov 22, 2024

The Blessed Friday Sale 2024 in Pakistan offers incredible discounts across various categories, including clothing, electronics, footwear, and accessories. Renowned brands like Gul Ahmed, Nishat Linen, Engine, and Stylo are providing flat discounts ranging from 25% to 80%. Tech enthusiasts can explore exciting deals on gadgets from Audionic, Samsung, and Dany Tech, while fashion lovers can shop trendy collections at Breakout, Cougar Clothing, and Cambridge. With options for men, women, and kids, this shopping event is perfect for upgrading your wardrobe or grabbing tech essentials. Don't miss out—shop these amazing offers from top brands online or in stores!



WhatsApp's Upcoming Features: A Comprehensive Look at the Future of Messaging

Posted in News on Aug 30, 2024

WhatsApp is rolling out exciting new features, including advanced contact syncing options, multi-account support, and enhanced privacy tools like passkey encryption. These updates will allow users to manage contacts separately for each account, manually sync specific contacts, and create custom chat lists. Additionally, WhatsApp is working on voice message transcription and in-app translation, making communication more seamless and secure. These features, currently in beta, aim to improve user experience and provide greater control over personal and professional interactions



AI-Generated Captions Come to Max via Google

Posted on Sep 25, 2024

Warner Bros. Discovery has partnered with Google to launch "Caption AI," an innovative tool that uses AI technology to automatically generate captions for unscripted programming on the Max streaming service. Built on Google’s Vertex AI platform, this collaboration aims to cut captioning costs by up to 50% and reduce production time by 80%. As the media industry increasingly embraces AI, this partnership highlights the potential of technology to streamline processes while maintaining quality and accuracy in content accessibility.



OpenAI's Updated ChatGPT App for Mac: Revolutionizing Multitasking

Posted in Uncategorized on Aug 08, 2024

The recent update to OpenAI’s ChatGPT app for macOS introduces a transformative feature designed to enhance multitasking efficiency. This blog delves into the details of this update, exploring how it can streamline your workflow and improve overall productivity.



Alibaba Expects AI to Drive More Than Half of Its Cloud Segment Growth

Posted in Uncategorized on Aug 19, 2024

In this article, we explore how Alibaba's investment in AI is driving significant growth in its cloud segment. With a focus on GPU-based AI product development, Alibaba aims to regain its position in the competitive global cloud market. Discover the strategies and challenges the company faces as it navigates the future of cloud computing



US Election Results 2024: LIVE Updates on Trump's Lead in Key States

Posted in News on Nov 06, 2024

The 2024 US presidential election is becoming one of the most closely watched races in history. With former President Donald Trump facing Vice President Kamala Harris, early results indicate a tight race, especially in key battleground states. As the night unfolds, Trump leads in traditionally Republican states, but the outcome remains uncertain, with Nevada, North Carolina, and Georgia all still too close to call. Voters are anxiously awaiting final results, and Pennsylvania's outcome could very well determine the next president. Stay tuned for live updates on the election results and key developments.




Other Blogs


OpenAI Just Announced New AI Features: Key Takeaways from DevDay

Posted in News on Oct 02, 2024 and updated on Oct 02, 2024

[Tutorial] Installing Kubernetes Manually

Posted in Technical Solutions on May 01, 2022 and updated on Jun 07, 2024

IBM Develops AI Agents to Automate Software Engineering Tasks

Posted in News on Nov 08, 2024 and updated on Nov 08, 2024

Firewall in Pakistan: Restricting Online Freedom and Access 2024

Posted in News on Aug 19, 2024 and updated on Aug 19, 2024

Cheap Web Hosting in Pakistan: Your Ultimate Guide

Posted in Hosting Promotions on Jun 07, 2024 and updated on Jun 07, 2024

Free Backlinks by Guest posts on HostingbyAliTech

Posted in Hosting Promotions, News on Jan 26, 2021 and updated on Mar 30, 2022

The Pros and Cons of Using a Free Web Hosting Service

Posted in Uncategorized on Jul 26, 2024 and updated on Jul 26, 2024

The Ultimate Guide to Different Types of Web Hosting

Posted in Uncategorized on Jun 24, 2024 and updated on Jun 24, 2024

Apple's New AirPods are Also Hearing Aids

Posted in News on Sep 10, 2024 and updated on Sep 10, 2024

Ghost Framework: A Comprehensive Guide

Posted in Uncategorized on Sep 11, 2024 and updated on Sep 11, 2024

Qualcomm's Snapdragon 8 Elite: A Game Changer in Mobile Processing

Posted in News on Oct 22, 2024 and updated on Oct 22, 2024

Blessed Friday Sale in Pakistan 2024

Posted in News on Nov 22, 2024 and updated on Nov 22, 2024

WhatsApp's Upcoming Features: A Comprehensive Look at the Future of Messaging

Posted in News on Aug 30, 2024 and updated on Aug 30, 2024

AI-Generated Captions Come to Max via Google

Posted on Sep 25, 2024 and updated on Sep 25, 2024

OpenAI's Updated ChatGPT App for Mac: Revolutionizing Multitasking

Posted in Uncategorized on Aug 08, 2024 and updated on Aug 08, 2024

Alibaba Expects AI to Drive More Than Half of Its Cloud Segment Growth

Posted in Uncategorized on Aug 19, 2024 and updated on Aug 19, 2024

US Election Results 2024: LIVE Updates on Trump's Lead in Key States

Posted in News on Nov 06, 2024 and updated on Nov 06, 2024

Blessed Friday Sale in Pakistan 2024

Posted in News on Nov 22, 2024

Blessed Friday Sale in Pakistan 2024

Posted in News on Nov 22, 2024







Comments

Please sign in to comment!






Subscribe To Our Newsletter

Stay in touch with us to get latest news and discount coupons