Several organizations with domain names at Squarespace had their websites hijacked due to a vulnerability that allowed malicious hackers to gain access by using an email address tied to an existing domain. Most of the affected websites were related to cryptocurrency businesses, with some of them being redirected to phishing sites. Security experts found that the issue stemmed from Squarespace assuming users migrating from Google Domains would choose social login options instead of email login, leaving previously-migrated domains vulnerable. Recommendations include enabling multi-factor authentication and removing unnecessary user accounts to secure Squarespace accounts post-migration.
https://krebsonsecurity.com/2024/07/researchers-weak-security-defaults-enabled-squarespace-domains-hijacks/