A recent mishandling of domain transfers from Google Domains to Squarespace has resulted in a series of website takeovers, potentially compromising user data and functionality, cybersecurity researchers warn.
According to a report from cybersecurity group SEAL911, first highlighted by Brian Krebs, an unidentified threat actor exploited vulnerabilities within Squarespace following the 2023 acquisition of Google Domains by Squarespace. This exploitation allowed the actor to gain control over accounts managing recently migrated domains.
The breach enabled the attacker to redirect users to phishing sites, intercept emails, and take control of Google Workspace (formerly GSuite) accounts to access emails and add devices, posing significant security risks.
The researchers, including samczsun, tayvano, and AndrewMohawk, pointed out that during the migration process, Squarespace failed to adequately verify the authenticity of accounts associated with the transferred domains. This oversight left gaps, allowing malicious actors to preemptively seize control before legitimate domain owners could finalize their account setups on Squarespace.
As a consequence, at least a dozen cryptocurrency websites fell victim to the hijackings, redirecting unsuspecting users to fraudulent portals aimed at compromising cryptocurrency investor accounts.
Squarespace has been notified of the issue, but the researchers urge affected administrators to remain vigilant. They recommend closely monitoring their websites and meticulously managing permissions for all associated accounts.
In response to these developments, administrators who previously purchased Google Workspace through Google Domains should be aware that Squarespace now serves as their authorized reseller. Consequently, anyone with access to a compromised Squarespace account potentially gains unauthorized access to the associated Google Workspace services unless mitigating actions are promptly taken.
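The researchers' advice to monitor affected websites closely comes down to noticing when a domain's authoritative records change under you: a hijacked registrar account typically shows up as new NS records (control moved), a new A record (the site now resolves elsewhere) or new MX records (mail now delivered elsewhere). The following script is an added example, not code from the article or from SEAL911, that compares a stored baseline snapshot of a domain's records with a fresh observation and flags drift by record type. The domain names, IP addresses and name-server hostnames in the two snapshots are constructed for illustration; in practice the observed snapshot would come from a resolver query (an optional `fetch_snapshot` helper using the third-party `dnspython` package is included for that purpose).

```python
import json
from typing import Dict, List, Tuple

# Record types worth watching after a registrar migration:
# NS  -> who controls the zone (changes here mean the domain itself moved)
# A   -> where the website resolves (changes here can mean a redirect to another host)
# MX  -> where mail is delivered (changes here can mean interception)
# TXT -> SPF/DKIM/site-verification records
WATCHED_TYPES = ("NS", "A", "MX", "TXT")
HIGH_IMPACT = {"NS", "MX"}

Snapshot = Dict[str, Dict[str, List[str]]]
Change = Tuple[str, str, str, List[str], List[str]]  # severity, domain, type, before, after


def load_snapshot(raw: str) -> Snapshot:
    """Parse a JSON snapshot {domain: {rtype: [values]}} and normalise it
    (lower-case, no trailing dots, sorted) so comparisons are stable."""
    data = json.loads(raw)
    return {
        domain.lower().rstrip("."): {
            rtype.upper(): sorted(str(v).lower().rstrip(".") for v in values)
            for rtype, values in records.items()
        }
        for domain, records in data.items()
    }


def dns_drift(baseline: Snapshot, observed: Snapshot) -> List[Change]:
    """Return every watched record set that differs between baseline and observed."""
    changes: List[Change] = []
    for domain, base_records in baseline.items():
        obs_records = observed.get(domain, {})
        for rtype in WATCHED_TYPES:
            before = base_records.get(rtype, [])
            after = obs_records.get(rtype, [])
            if before != after:
                severity = "HIGH" if rtype in HIGH_IMPACT else "MEDIUM"
                changes.append((severity, domain, rtype, before, after))
    return changes


def format_report(changes: List[Change]) -> str:
    """Render drift as one line per change, for a log or alert body."""
    if not changes:
        return "no drift detected"
    return "\n".join(
        f"[{sev}] {dom} {rtype}: {before or ['<none>']} -> {after or ['<none>']}"
        for sev, dom, rtype, before, after in changes
    )


def fetch_snapshot(domain: str) -> Snapshot:
    """Optional live lookup using dnspython (pip install dnspython); not used offline."""
    import dns.resolver  # imported lazily so the rest of the script runs without it
    records: Dict[str, List[str]] = {}
    for rtype in WATCHED_TYPES:
        try:
            answer = dns.resolver.resolve(domain, rtype)
            records[rtype] = [r.to_text().strip('"') for r in answer]
        except (dns.resolver.NoAnswer, dns.resolver.NXDOMAIN):
            records[rtype] = []
    return load_snapshot(json.dumps({domain: records}))


# Constructed snapshots: the baseline is what an administrator would have recorded
# before the migration; the observed one shows the zone now pointing elsewhere.
BASELINE = load_snapshot("""{
  "example.com": {
    "NS":  ["ns1.registrar-a.example.", "ns2.registrar-a.example."],
    "A":   ["192.0.2.10"],
    "MX":  ["aspmx.l.google.com."],
    "TXT": ["v=spf1 include:_spf.google.com ~all"]
  }
}""")

OBSERVED = load_snapshot("""{
  "example.com": {
    "NS":  ["ns2.unexpected-host.example.", "ns1.unexpected-host.example."],
    "A":   ["198.51.100.7"],
    "MX":  ["mail.unexpected-host.example."],
    "TXT": ["v=spf1 include:_spf.google.com ~all"]
  }
}""")

if __name__ == "__main__":
    print(format_report(dns_drift(BASELINE, OBSERVED)))
```

Run on a schedule against a baseline captured before the transfer, the HIGH entries are the ones to page on: an NS change means the zone is being served from name servers you did not choose, and an MX change means mail is being routed to a host you did not choose, which matches the redirect-and-intercept pattern described above. TXT changes are lower priority on their own but are worth review since verification records are how reseller and Workspace ownership gets asserted.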
The incident underscores the importance of robust account verification protocols during domain migrations and the necessity for proactive security measures to safeguard against such exploits in the future.