A significant cybersecurity breach has come to light, revealing that multiple domain names hosted on Squarespace have been compromised by unknown hackers, with the incident reportedly commencing around July 10, 2024. This breach has notably affected domains transferred to Squarespace following its acquisition of Google Domains in September 2023. The acquisition involved the migration of domain registration data and customers from Google Domains to Squarespace, a process that continued over several months. During this transition, Squarespace automatically created accounts for each domain based on email addresses associated with Google Domains accounts, including administrative, technical, and billing contacts.
The attackers exploited vulnerabilities within this migration process to gain unauthorized access to Squarespace accounts. Once inside, they proceeded to manipulate DNS records, enabling them to redirect domain traffic and intercept emails by altering MX records. This tactic allowed the hackers to execute password resets and escalate their control over associated accounts. The impact of these actions was particularly severe within the decentralized finance (DeFi) sector, affecting platforms such as Compound Finance, Celer Network, and Pendle Finance. These platforms experienced DNS hijacking, leading users unwittingly to malicious sites designed to steal funds and sensitive user information.
In response to the breach, Squarespace has issued several recommendations aimed at mitigating the fallout and preventing further unauthorized access. These include urging affected users to enable Two-Factor Authentication (2FA), remove unnecessary accounts that were automatically created during the migration, and thoroughly review and correct any unauthorized changes to DNS settings. Additionally, users are advised to consider transferring their domains to alternative registrars such as Cloudflare Registrar, Amazon Route53, MarkMonitor, or CSC for enhanced security measures.
Security experts and investigators are actively pursuing the incident to ascertain the full extent of the compromise and the precise methods employed by the attackers. They have emphasized the importance of Squarespace enhancing its security protocols and providing robust support to affected customers. As the situation evolves, users are urged to exercise heightened vigilance when interacting with potentially compromised domains and to remain updated with the latest security advisories from Squarespace and relevant authorities.
Reference:
