MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
squarespace
Search

Weak Security Defaults Enabled Squarespace Domains Hijacks

Monday July 15, 2024. 09:30 PM , from Slashdot
At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Krebs on Security: Squarespace bought all assets of Google Domains a year ago, but many customers still haven't set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn't yet been registered, merely by supplying an email address tied to an existing domain. The Squarespace domain hijacks, which took place between July 9 and July 12, appear to have mostly targeted cryptocurrency businesses, including Celer Network, Compound Finance, Pendle Finance, and Unstoppable Domains. In some cases, the attackers were able to redirect the hijacked domains to phishing sites set up to steal visitors' cryptocurrency funds.

New York City-based Squarespace purchased roughly 10 million domain names from Google Domains in June 2023, and it has been gradually migrating those domains to its service ever since. Squarespace has not responded to a request for comment, nor has it issued a statement about the attacks. But an analysis released by security experts at Metamask and Paradigm finds the most likely explanation for what happened is that Squarespace assumed all users migrating from Google Domains would select the social login options -- such 'Continue with Google' or 'Continue with Apple' -- as opposed to the 'Continue with email' choice.

Read more of this story at Slashdot.
https://it.slashdot.org/story/24/07/15/1928218/weak-security-defaults-enabled-squarespace-domains-hi...

Related News

News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Dec, Sun 22 - 07:59 CET