Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Incidents

Squarespace Domain Names Compromised

July 15, 2024
Reading Time: 3 mins read
in Incidents
Squarespace Domain Names Compromised

A significant cybersecurity breach has come to light, revealing that multiple domain names hosted on Squarespace have been compromised by unknown hackers, with the incident reportedly commencing around July 10, 2024. This breach has notably affected domains transferred to Squarespace following its acquisition of Google Domains in September 2023. The acquisition involved the migration of domain registration data and customers from Google Domains to Squarespace, a process that continued over several months. During this transition, Squarespace automatically created accounts for each domain based on email addresses associated with Google Domains accounts, including administrative, technical, and billing contacts.

The attackers exploited vulnerabilities within this migration process to gain unauthorized access to Squarespace accounts. Once inside, they proceeded to manipulate DNS records, enabling them to redirect domain traffic and intercept emails by altering MX records. This tactic allowed the hackers to execute password resets and escalate their control over associated accounts. The impact of these actions was particularly severe within the decentralized finance (DeFi) sector, affecting platforms such as Compound Finance, Celer Network, and Pendle Finance. These platforms experienced DNS hijacking, leading users unwittingly to malicious sites designed to steal funds and sensitive user information.

In response to the breach, Squarespace has issued several recommendations aimed at mitigating the fallout and preventing further unauthorized access. These include urging affected users to enable Two-Factor Authentication (2FA), remove unnecessary accounts that were automatically created during the migration, and thoroughly review and correct any unauthorized changes to DNS settings. Additionally, users are advised to consider transferring their domains to alternative registrars such as Cloudflare Registrar, Amazon Route53, MarkMonitor, or CSC for enhanced security measures.

Security experts and investigators are actively pursuing the incident to ascertain the full extent of the compromise and the precise methods employed by the attackers. They have emphasized the importance of Squarespace enhancing its security protocols and providing robust support to affected customers. As the situation evolves, users are urged to exercise heightened vigilance when interacting with potentially compromised domains and to remain updated with the latest security advisories from Squarespace and relevant authorities.

Reference:

  • Hackers Compromise Squarespace Customers Domains Following Google Acquisition
Tags: Acquisitioncyber incidentsCyber Incidents 2024Cyber threatsGoogleGoogle DomainsJuly 2024Squarespace
ADVERTISEMENT

Related Posts

Semiconductor Firm AXT Hit by Data Breach

Adidas Data Breach Exposes Customer Contacts

May 27, 2025
Everest Ransomware Leaks Coke Staff Data

Everest Ransomware Leaks Coke Staff Data

May 27, 2025
Semiconductor Firm AXT Hit by Data Breach

Semiconductor Firm AXT Hit by Data Breach

May 27, 2025
NIST Launches New Metric to Track

Hackers Steal $700K from Philly School District Accounts

May 26, 2025
NIST Launches New Metric to Track

Naukri Fixes Bug That Exposed Recruiter Email Addresses

May 26, 2025
NIST Launches New Metric to Track

Chinese hackers hit US utilities via flaw

May 26, 2025

Latest Alerts

FBI Warns Luna Moth Targets US Law Firms

Winos 4.0 Malware Spread Via Fake Installers

GhostSpy Android Malware Full Device Control

D-Link Routers Exposed by Weak Credentials

TA-ShadowCricke Unmasked via Backdoors

Killnet Resurfaces with New Identity

Subscribe to our newsletter

    Latest Incidents

    Everest Ransomware Leaks Coke Staff Data

    Adidas Data Breach Exposes Customer Contacts

    Semiconductor Firm AXT Hit by Data Breach

    Hackers Steal $700K from Philly School District Accounts

    Chinese hackers hit US utilities via flaw

    Naukri Fixes Bug That Exposed Recruiter Email Addresses

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial