At least a dozen organisations with domain names registered through Squarespace experienced website hijackings between July 9 and July 12. This incident has raised alarms within the cybersecurity community, especially as it primarily impacted cryptocurrency businesses, including Celer Network, Compound Finance, Pendle Finance, and Unstoppable Domains.
The domain hijacking was facilitated by a vulnerability in the migration process from Google Domains to Squarespace. Squarespace, which acquired Google Domains’ assets a year ago, has been gradually migrating approximately 10 million domain names. However, many customers had not yet set up their new accounts on Squarespace, leaving a critical security gap.
According to researchers, the hijackers exploited this gap by registering accounts using email addresses linked to migrated domains whose Squarespace accounts had not yet been set up. This flaw allowed attackers to gain domain control by supplying their email addresses.
The crux of the issue lies in Squarespace’s assumption that users would opt for social login options such as “Continue with Google” or “Continue with Apple.” This oversight meant that when attackers used the “Continue with email” option, they could create accounts for the migrated domains without requiring email verification. This process effectively allowed them to bypass security protocols and hijack domains.

Researchers observed that once an attacker initiated the login with an email tied to a migrated domain, they were directed to create a password for the new account. Given that the account was partially set up on the backend, the attacker could take full control of the domain.
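The account-claim weakness described above can be shown in miniature. The following is an added illustration, not Squarespace's code: the store layout, function names, `SERVER_KEY` and the `owner@example.org` account are all assumptions constructed for the example. It contrasts a first-password flow that trusts a known email address with one that requires a token delivered to that mailbox.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # hypothetical per-deployment secret


def new_store():
    # Constructed data: an account pre-provisioned by a migration.
    # The owner email is on file, but no password has been set yet.
    return {"owner@example.org": {"domains": ["example.org"], "password": None}}


def _pw_hash(password):
    salt = secrets.token_bytes(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def _claimable(store, email):
    acct = store.get(email)
    return acct if acct is not None and acct["password"] is None else None


def claim_vulnerable(store, email, password):
    """Weak pattern: knowing the email on file is enough to set the password."""
    acct = _claimable(store, email)
    if acct is None:
        return False
    acct["password"] = _pw_hash(password)  # no proof of mailbox control
    return True


def issue_claim_token(email):
    """Token the service mails to the address; it is never shown in the browser."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_KEY, f"{email}|{nonce}".encode(), hashlib.sha256)
    return f"{nonce}.{mac.hexdigest()}"


def claim_hardened(store, email, password, token):
    """Set the first password only when the mailed token verifies for this email."""
    acct = _claimable(store, email)
    if acct is None:
        return False
    nonce, _, sent_mac = token.partition(".")
    mac = hmac.new(SERVER_KEY, f"{email}|{nonce}".encode(), hashlib.sha256)
    if not hmac.compare_digest(mac.hexdigest().encode(), sent_mac.encode()):
        return False
    acct["password"] = _pw_hash(password)
    return True
```

A production flow would also expire the token after a short window and notify the address on file when the account is claimed.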
The attackers managed to redirect some hijacked domains to phishing sites, aiming to steal cryptocurrency funds from unsuspecting visitors.
As of now, researchers have compiled a list of more than 120 domains registered with Squarespace that may be vulnerable.
Security experts have criticised Squarespace for not requiring email verification and lacking adequate user controls and monitoring capabilities. They emphasised that domain owners now face significant challenges in securing and monitoring their accounts, as they lack audit logs, email notifications for account actions, and detailed access controls.
Cybersecurity experts have urged organisations to implement multi-factor authentication, verify email accounts that have access to Squarespace, remove unnecessary accounts, and disable reseller access.