Hack Explained - Squarespace


Squarespace, a popular website-building and hosting platform that enables individuals and businesses to create professional websites without needing to write code, bought 10 million domains from Google Domains in June 2023 and failed to secure the migration process. This allowed attackers to exploit the misconfiguration and perform domain hijacking attacks on notable projects like Compound and Celer.

Behind the Breach

Once the migration process from Google to Squarespace was initiated, threat actors signed up for an account using an email address associated with a recently migrated domain before the legitimate email holder could create the account themselves, effectively taking control of the entire domain.

When a domain gets compromised, it can lead to phishing attacks, email interception, and account hijacking, resulting in data breaches and financial loss. Additionally, it can severely damage the domain owner's reputation and erode customer trust.

Lessons from the Incident

If you think you've been affected, this is what you can do:

  1. Check if you've bought a domain on Google Domains before.

  2. Visit https://www.whois.com/, enter your website, and check that the "registrar" field doesn't say "Squarespace Domains".

  3. If it does, find out which Google account you bought that domain with and create an account on Squarespace with the same email address.

  4. Once you've regained your account, change your password and enable MFA on your Google account.

  5. Remove Squarespace as a reseller in your Google Workspace by following this guide: https://support.google.com/a/answer/114840?hl=en&fl=1&sjid=6776168363331774413-NC
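For more than a handful of domains, the registrar check in step 2 can be scripted. The following is an added example, not code from the original post: it reads the `Registrar:` field from raw WHOIS output and flags domains whose registrar contains "Squarespace Domains". The function names, the status labels and the sample WHOIS responses are constructed for illustration, and the WHOIS server to query is an input you supply.

```python
import re
import socket

# Registrar name the article says to look for in the WHOIS "registrar" field.
FLAGGED = "squarespace domains"

def fetch_whois(domain, server, timeout=10):
    """Plain WHOIS (RFC 3912): send the name plus CRLF to TCP 43, read to EOF."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(domain.encode("idna") + b"\r\n")
        chunks = []
        while chunk := sock.recv(4096):
            chunks.append(chunk)
    return b"".join(chunks).decode("utf-8", errors="replace")

def registrars(whois_text):
    """Values of every 'Registrar:' line; lookalike keys such as
    'Registrar URL:' or 'Registrar WHOIS Server:' are not matched."""
    pattern = r"(?im)^[ \t]*Registrar:[ \t]*(\S.*)$"
    return [m.group(1).strip() for m in re.finditer(pattern, whois_text)]

def audit(domains, lookup):
    """Map each domain to 'migrated', 'other' or 'unknown' (no registrar line)."""
    report = {}
    for domain in domains:
        names = registrars(lookup(domain))
        if not names:
            report[domain] = "unknown"  # check these by hand
        elif any(FLAGGED in name.lower() for name in names):
            report[domain] = "migrated"  # continue with steps 3 to 5
        else:
            report[domain] = "other"
    return report

# Constructed WHOIS responses (not real records) so the example runs offline.
SAMPLES = {
    "migrated.example": "Domain Name: MIGRATED.EXAMPLE\r\n"
                        "Registrar WHOIS Server: whois.registrar.example\r\n"
                        "Registrar: Squarespace Domains LLC\r\n",
    "elsewhere.example": "Domain Name: ELSEWHERE.EXAMPLE\n"
                         "   Registrar: Example Registrar, Inc.\n"
                         "   Registrar URL: http://registrar.example\n",
    "missing.example": 'No match for domain "MISSING.EXAMPLE".\n',
}

if __name__ == "__main__":
    for domain, status in audit(SAMPLES, SAMPLES.get).items():
        print(f"{domain}: {status}")
```

To run it against live data, pass `lambda d: fetch_whois(d, server)` as `lookup`, where `server` is the WHOIS server for the domain's TLD.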


As a leading cybersecurity company, we are at the forefront of security research, constantly monitoring for emerging threats. With best-in-class security expertise, we are able to help you secure your assets to the highest levels.

Visit rivanorth.com to find out more.

You build the future. We help you secure it.