Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Published on:

July 15, 2024

In a recent article from KrebsonSecurity, they detail that at least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain.

Read the research: https://krebsonsecurity.com/2024/07/researchers-weak-security-defaults-enabled-squarespace-domains-hijacks/

Related Content

Research

Doppelgänger / RRN Disinformation Infrastructure Ecosystem 2026

Analysis of the Doppelgänger / RRN disinformation ecosystem. Learn how this DevOps-style infrastructure uses automated media impersonation, TLD rotation, and cloud-native hosting to target global audiences and evade enforcement.

Learn More

Research

Lotus Blossom (G0030) and the Notepad++ Supply-Chain Espionage Campaign

How Lotus Blossom (G0030) compromised the Notepad++ update pipeline in a precision supply-chain espionage campaign targeting high-value organizations.

Learn More

Research

THE KNOWNSEC LEAK: Yet Another Leak of China’s Contractor-Driven Cyber-Espionage Ecosystem

Leaked Knownsec documents reveal China’s cyberespionage ecosystem. Analyze TargetDB, GhostX, and 404 Lab’s role in global reconnaissance and critical infrastructure targeting.

Learn More

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Heading