Squarespace Weak Security Aided In Domain Hijacks — 10 Millions Domains Affected

Mark Harwood
3 min readJul 24, 2024

If you had a domain with Google Domains, it’s likely that this has now moved to Squarespace. Over the last month or so, it’s come to light that an issue with Squarespace weak security aided in domain hijacks.

Before I continue, you can also read this on my website!

Introduction

You might not have known, but when Google had the amazing idea to close down Google Domains, Squarespace actually bought all their assets.

In short: if you had a domain with Google Domains, this is now with Squarespace.

It comes in line with so many other services that Google has shut down for seemingly no reason.

The transfer of user data and domains isn’t completely out of the ordinary. What was different this time however, was that there seemed to be next to no security for accounts that hadn’t been initialised on Squarespace yet.

And with roughly 10 million domains transferred, the odds are definitely stacked that some percentage of these customers would forget to login to Squarespace and complete the setup process.

Squarespace Weak Security Aided In Domain Hijacks

--

--

Mark Harwood

IT Pro 👨‍💻 Dad 👀 Husband🔒 Check out my free blog or utilise my expertise on the web! https://mharwood.uk