19 votes

Weak security defaults enabled Squarespace Domains hijacks of former Google Domains accounts

8 comments

  1. [7]
    shiruken

    But an analysis released by security experts at Metamask and Paradigm finds the most likely explanation for what happened is that Squarespace assumed all users migrating from Google Domains would select the social login options — such as “Continue with Google” or “Continue with Apple” — as opposed to the “Continue with email” choice.

    Taylor Monahan, lead product manager at Metamask, said Squarespace never accounted for the possibility that a threat actor might sign up for an account using an email associated with a recently-migrated domain before the legitimate email holder created the account themselves.

    “Thus nothing actually stops them from trying to login with an email,” Monahan told KrebsOnSecurity. “And since there’s no password on the account, it just shoots them to the ‘create password for your new account’ flow. And since the account is half-initialized on the backend, they now have access to the domain in question.”

    7 votes
    1. [6]
      Sage
      Well, looks like I'm switching. Anyone have good suggestions for an alternative?

      2 votes
      1. [4]
        0x29A
        I used to use Hover, switched to Porkbun and never looked back. I've been completely satisfied with Porkbun for domain management

        9 votes
        1. shiruken
          I swapped to Porkbun from Google Domains and I've been quite happy so far!

          4 votes
        2. Gummy
          I also recommend Porkbun. Their goofy attitude across a lot of the site was off-putting at first, but I can't argue with the results.

          3 votes
        3. Sage
          I'll give this a try, thank you!

          2 votes
      2. UNO
        Same, I will probably just move them to NameCheap where I have other domains, but I wanted to keep the email domains in a separate place

        3 votes
  2. disk
    What’s more, Monahan said, Squarespace did not require email verification for new accounts created with a password.

    That seems like an early-2000s kind of blunder. The whole situation is appalling, but this is a neat little detail

    7 votes
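The two quoted findings above (an account that already exists for a migrated domain but has no password, and sign-up that never verifies the email) describe one flow, so here is a small model of it as an added example. It is not code from this thread, from Krebs, or from Squarespace; the store, the function names and the "outbox" that stands in for email delivery are assumptions for illustration. The vulnerable sign-up hands an unclaimed account to whoever submits its email first; the hardened sign-up changes nothing until a single-use token, delivered only to that mailbox, comes back, and the password is chosen at verification time so a token someone else requested cannot plant their password.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed model of the flow the quoted analysis describes; names and the
# 'outbox' that stands in for email delivery are assumptions, not vendor code.


@dataclass
class Account:
    email: str
    domains: List[str]
    password_hash: Optional[bytes] = None   # None: migrated, never claimed


@dataclass
class Store:
    accounts: Dict[str, Account] = field(default_factory=dict)
    pending: Dict[str, str] = field(default_factory=dict)       # token -> email
    outbox: Dict[str, List[str]] = field(default_factory=dict)  # email -> tokens


def _hash_password(password: str) -> bytes:
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def _check_password(stored: bytes, password: str) -> bool:
    salt, digest = stored[:16], stored[16:]
    return hmac.compare_digest(
        digest, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000))


def migrate(store: Store, email: str, domains: List[str]) -> None:
    """What the migration leaves behind: email and domains, no password."""
    store.accounts[email] = Account(email, list(domains))


def signup_vulnerable(store: Store, email: str, password: str) -> Optional[Account]:
    """The flaw: whoever first submits the email lands in the 'create password'
    flow and takes the unclaimed account. No proof of mailbox ownership."""
    acct = store.accounts.setdefault(email, Account(email, []))
    if acct.password_hash is not None:
        return None                                   # already claimed
    acct.password_hash = _hash_password(password)
    return acct                                       # caller now controls domains


def signup_hardened(store: Store, email: str) -> None:
    """Hardened: sign-up only emits a single-use token to the mailbox; nothing
    about the account changes until that token comes back."""
    token = secrets.token_urlsafe(32)
    store.pending[token] = email
    store.outbox.setdefault(email, []).append(token)  # simulated email send


def verify_hardened(store: Store, token: str, email: str,
                    password: str) -> Optional[Account]:
    """Sets a password only for a pending token that matches the email; the
    dict lookup is the proof that the caller could read the mailbox."""
    pending_email = store.pending.pop(token, None)
    if pending_email is None or pending_email != email:
        return None
    acct = store.accounts.setdefault(email, Account(email, []))
    if acct.password_hash is not None:
        return None                                   # already claimed
    acct.password_hash = _hash_password(password)
    return acct


def login(store: Store, email: str, password: str) -> Optional[Account]:
    acct = store.accounts.get(email)
    if acct is None or acct.password_hash is None:
        return None
    return acct if _check_password(acct.password_hash, password) else None


def demo() -> Dict[str, bool]:
    """Attacker submits the owner's email before the owner claims the account."""
    victim, domain = "owner@example.com", "example.com"   # constructed values
    out: Dict[str, bool] = {}

    vuln = Store()
    migrate(vuln, victim, [domain])
    signup_vulnerable(vuln, victim, "attacker-pw")
    hijacked = login(vuln, victim, "attacker-pw")
    out["vulnerable_attacker_gets_domain"] = hijacked is not None and domain in hijacked.domains
    out["vulnerable_owner_locked_out"] = signup_vulnerable(vuln, victim, "owner-pw") is None

    hard = Store()
    migrate(hard, victim, [domain])
    signup_hardened(hard, victim)                     # attacker's request
    guessed = secrets.token_urlsafe(32)               # attacker cannot read the mailbox
    out["hardened_guess_rejected"] = verify_hardened(hard, guessed, victim, "attacker-pw") is None
    out["hardened_no_password_set"] = login(hard, victim, "attacker-pw") is None
    signup_hardened(hard, victim)                     # owner's own request
    owner = verify_hardened(hard, hard.outbox[victim][-1], victim, "owner-pw")
    out["hardened_owner_claims"] = owner is not None and login(hard, victim, "owner-pw") is not None
    out["hardened_stale_token_rejected"] = (
        verify_hardened(hard, hard.outbox[victim][0], victim, "attacker-pw") is None)
    return out


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The model leaves out token expiry, rate limiting and the social-login path; the point it isolates is that a pre-provisioned account must be treated as unclaimed until the mailbox proves ownership, whichever "Continue with" button is pressed.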