Squarespace Security Breach: Crypto Domains Hijacked
Squarespace, a renowned website builder, suffered a substantial security breach following its acquisition of domain registrations from Google Domains. The incident, which took place between July 9 and July 12, led to the hijacking of websites belonging to at least a dozen organizations, predominantly in the cryptocurrency sector.
The hijacked domains included prominent cryptocurrency businesses such as Celer Network, Compound Finance, Pendle Finance, and Unstoppable Domains. Attackers exploited a vulnerability in Squarespace's migration process, which let them gain unauthorized access to the domains. Once they had access, some domains were redirected to phishing sites to steal cryptocurrency funds.
Security experts have attributed the breach to inadequate email verification for new Squarespace accounts created with a password. This oversight allowed attackers to create new accounts with little effort and assume control of the domains. Furthermore, Squarespace's OAuth login process was found to be vulnerable, contradicting the company's post-mortem statement. Domain owners and domain managers on Squarespace have similar privileges, including moving domains and managing DNS settings, with limited security controls in place.
Squarespace's acquisition of approximately 10 million domain names from Google Domains in June 2023 has been tarnished by this security incident. The company has been urged to implement stricter security measures, such as enabling multi-factor authentication by default and strengthening its email verification processes. As the investigation progresses, Squarespace users are advised to secure their accounts and remain vigilant against potential threats.
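The account-creation gap and the recommended fix described above can be shown with a small model. This is an added example, not Squarespace's code: the `Registrar` class, its methods, and the sample e-mail and domain are hypothetical and constructed for illustration, and password handling is left out.

```python
import hmac
import secrets

# Constructed sample data: domains carried over in a migration, keyed by the
# contact e-mail on record. No account exists yet for these addresses.
MIGRATED = {"owner@example.org": ["example-defi.test"]}


class Registrar:
    """Hypothetical model of a registrar's sign-up flow (password storage omitted)."""

    def __init__(self, require_verification):
        self.require_verification = require_verification
        self.accounts = {}  # email -> {"verified": bool, "pending": token or None}

    def sign_up(self, email):
        """Create an account and return the one-time token mailed to `email`."""
        if email in self.accounts:
            raise ValueError("account already exists")
        token = secrets.token_urlsafe(32)
        self.accounts[email] = {"verified": False, "pending": token}
        return token  # only someone who can read the mailbox should ever see this

    def verify(self, email, token):
        """Mark the account verified if the token matches; tokens are single use."""
        acct = self.accounts.get(email)
        if acct is None or acct["pending"] is None:
            return False
        if not hmac.compare_digest(acct["pending"], token):
            return False
        acct["verified"], acct["pending"] = True, None
        return True

    def domains_for(self, email):
        """Domains the account may manage (move, change DNS)."""
        acct = self.accounts.get(email)
        if acct is None:
            return []
        if self.require_verification and not acct["verified"]:
            return []  # unverified sign-ups get no access to migrated domains
        return list(MIGRATED.get(email, []))


if __name__ == "__main__":
    weak, strict = Registrar(False), Registrar(True)
    weak.sign_up("owner@example.org")
    token = strict.sign_up("owner@example.org")
    print("no verification:", weak.domains_for("owner@example.org"))
    print("before verify:  ", strict.domains_for("owner@example.org"))
    strict.verify("owner@example.org", token)
    print("after verify:   ", strict.domains_for("owner@example.org"))
```

With `require_verification=False`, simply registering the address on record is enough to be handed the migrated domains; with it enabled, access waits until the mailed token is presented.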