More than one dozen firms with domain names found across Squarespace witnessed their websites get hijacked recently.
The organization ended up purchasing assets belonging to Google Domains one year back but many clients were yet to complete their account setup process.
As per experts, malicious hackers were able to migrate to these accounts which were still under the registration process. All they needed to do was supply email IDs linked to a domain that was in existence.
The domain hijacking incident lasted from July 9th to 12th and seemed to pinpoint to crypto-themed entities. This included the likes of Celer Network and Pendle Finance.
In certain situations, the attackers could redirect hijacked domains towards phishing locations to steal crypto funds belonging to visitors. It’s really an eye-opening situation as Squarespace had recently bought close to 10 million domain names from Google Domains in June of last year.
Slowly but surely, it was migrating to such domains to enter into service so this was a huge blow for the firm. Right now, the organization is opting to remain hush and no comments were published related to this theme in regards to the recent attack.
Another analysis rolled out by experts in the security field found an explanation related to what may have happened. It says that Squarespace was under the impression that most of its clients would opt for the ‘Continue with Apple or Google’ selection but in reality, they chose ‘Continue with email’.
The head of Metamask explained through a post how Squarespace never envisioned threat actors signing up for accounts that were directly linked to domains that were migrated recently before an actual email holder produced the account itself.
Hence, nothing can prevent them from logging in with email IDs, and the fact that no password for accounts exists, it’s questionable to begin with.
Meanwhile, some research experts are speaking about how some domains across Squarespace could have been attacked if the threat actor knew the email IDs for those who were less privileged and had a user account linked to a particular domain like domain manager. It’s quite like transferring domains to a unique internet ID.
On top of that, Squarespace has no insights about activity carried out in domains or any audit logs which again is concerning. You won’t even get any alerts sent via email if certain actions are rolled out.
Image: DIW-Aigen
H/T: Krebsonsecurity
Read next: Fury Increases In Latin America Against Meta After It Fails To Notify Artists About Using Their Data To Train AI
The organization ended up purchasing assets belonging to Google Domains one year back but many clients were yet to complete their account setup process.
As per experts, malicious hackers were able to migrate to these accounts which were still under the registration process. All they needed to do was supply email IDs linked to a domain that was in existence.
The domain hijacking incident lasted from July 9th to 12th and seemed to pinpoint to crypto-themed entities. This included the likes of Celer Network and Pendle Finance.
In certain situations, the attackers could redirect hijacked domains towards phishing locations to steal crypto funds belonging to visitors. It’s really an eye-opening situation as Squarespace had recently bought close to 10 million domain names from Google Domains in June of last year.
Slowly but surely, it was migrating to such domains to enter into service so this was a huge blow for the firm. Right now, the organization is opting to remain hush and no comments were published related to this theme in regards to the recent attack.
Another analysis rolled out by experts in the security field found an explanation related to what may have happened. It says that Squarespace was under the impression that most of its clients would opt for the ‘Continue with Apple or Google’ selection but in reality, they chose ‘Continue with email’.
The head of Metamask explained through a post how Squarespace never envisioned threat actors signing up for accounts that were directly linked to domains that were migrated recently before an actual email holder produced the account itself.
Hence, nothing can prevent them from logging in with email IDs, and the fact that no password for accounts exists, it’s questionable to begin with.
Meanwhile, some research experts are speaking about how some domains across Squarespace could have been attacked if the threat actor knew the email IDs for those who were less privileged and had a user account linked to a particular domain like domain manager. It’s quite like transferring domains to a unique internet ID.
On top of that, Squarespace has no insights about activity carried out in domains or any audit logs which again is concerning. You won’t even get any alerts sent via email if certain actions are rolled out.
H/T: Krebsonsecurity
Read next: Fury Increases In Latin America Against Meta After It Fails To Notify Artists About Using Their Data To Train AI
