Squarespace Domains Hijacked Due to Weak Security Defaults, Reports Krebs on Security

Several organizations whose domain names are registered with Squarespace had their websites hijacked in the past week. Squarespace acquired all assets of Google Domains a year ago and has been migrating customer accounts gradually, which left customers who had not yet set up their new accounts exposed.

Attackers took control of migrated Squarespace accounts that had not yet been registered simply by providing an email address linked to an existing domain. The tactic was used between July 9 and July 12 against multiple cryptocurrency businesses, including Celer Network, Compound Finance, Pendle Finance, and Unstoppable Domains. In some instances the attackers redirected the hijacked domains to phishing sites in order to steal visitors' cryptocurrency funds.

Squarespace, based in New York City, acquired approximately 10 million domain names from Google Domains in June 2023, and has been in the process of transferring these domains to its platform. The company has remained silent regarding the recent attacks and has not responded to inquiries.

Security experts at MetaMask and Paradigm analyzed the situation and concluded that Squarespace overlooked the possibility of threat actors exploiting the migration process. Taylor Monahan, lead product manager at MetaMask, highlighted that new accounts created with a password were not subject to email verification, which allowed unauthorized access to domains.
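The gap described above can be shown with a simplified model, added here as an illustration (it is not Squarespace's code and is not taken from the researchers' guide). The class and method names are hypothetical, and the seeded email address is constructed; the weak claim path sits next to one that requires proof of mailbox control.

```python
import hashlib
import secrets
import time

def _hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

class MigratedAccounts:
    """Toy model: accounts pre-created from registrar contact emails, not yet claimed."""

    def __init__(self, seeded_emails):
        self.accounts = {e.lower(): {"pw": None, "claimed": False} for e in seeded_emails}
        self.pending = {}  # sha256(token) -> (email, expiry timestamp)

    def _set_password(self, email, password):
        salt = secrets.token_bytes(16)
        self.accounts[email].update(pw=(salt, _hash_pw(password, salt)), claimed=True)

    def claim_weak(self, email, password):
        """Weak default: knowing a seeded email is enough to set the password."""
        email = email.lower()
        acct = self.accounts.get(email)
        if acct is None or acct["claimed"]:
            return False
        self._set_password(email, password)
        return True

    def start_claim(self, email, ttl=900, now=None):
        """Hardened step 1: mint a one-time token that is sent only to the mailbox."""
        email = email.lower()
        acct = self.accounts.get(email)
        if acct is None or acct["claimed"]:
            return None  # the HTTP response should look identical either way
        token = secrets.token_urlsafe(32)
        expiry = (time.time() if now is None else now) + ttl
        self.pending[hashlib.sha256(token.encode()).hexdigest()] = (email, expiry)
        return token  # emailed to the address, never returned to the requester

    def finish_claim(self, token, password, now=None):
        """Hardened step 2: only proof of mailbox control lets the password be set."""
        entry = self.pending.pop(hashlib.sha256(token.encode()).hexdigest(), None)
        now = time.time() if now is None else now
        if entry is None or now > entry[1] or self.accounts[entry[0]]["claimed"]:
            return False
        self._set_password(entry[0], password)
        return True
```

In the hardened path the token is stored only as a hash, is single-use, and expires, so knowing the address alone no longer sets a credential.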

The researchers noted that certain Squarespace domains could be compromised if attackers identified email addresses associated with less privileged user accounts, such as domain managers, who hold the authority to transfer or alter domain settings.

According to Monahan, the migration to Squarespace has limited the options for domain owners to secure and monitor their accounts effectively, posing significant risks. The lack of control and visibility over account activity, in contrast to Google’s standards, has raised concerns among users.

To address these security issues, the researchers compiled a comprehensive guide for securing Squarespace user accounts, emphasizing the importance of enabling multi-factor authentication and reviewing access privileges. The guide recommends identifying all accounts with access to the Squarespace account, removing unnecessary accounts, and disabling reseller access in Google Workspace to mitigate risks.

As the affected organizations work to regain control of their websites and strengthen security measures, the incident serves as a cautionary tale for businesses migrating domains to new platforms. It underscores the importance of prioritizing account security and implementing robust authentication mechanisms to prevent unauthorized access and potential hijacking attempts.
