Techly NewsGet the app

Get the latest tech news

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks


At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven't set up their new accounts. Experts say…

Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain. In some cases, the attackers were able to redirect the hijacked domains to phishing sites set up to steal visitors’ cryptocurrency funds. The guide also recommends removing unnecessary Squarespace user accounts, and disabling reseller access in Google Workspace.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of researchers

researchers

Photo of squarespace domains

squarespace domains

Photo of hijacks

hijacks

Related news:

News photo

To Avoid Sea Level Rise, Some Researchers Propose Barriers Around the World's Vulnerable Glaciers

News photo

Researchers Discover Cache of Billion Stolen Passwords

News photo

Researchers Discover a New Form of Scientific Fraud: Uncovering 'Sneaked References'

« Trouble sleeping? This Bluetooth headphone sleep mask works wonders and is $16 off ahead of Prime Day
The Old Bailey with Britain's last court reporters »