There is no publicly reported Squarespace security attack in May 2026. Based on current information from Squarespace’s status page and security reporting, the platform has not disclosed any active security incidents during May 2026. If you’ve encountered claims about a “May attack,” these are either speculative, referring to an older incident, or potentially part of a social engineering attempt.
The most recent confirmed Squarespace security incident occurred in July 2024, when hackers exploited vulnerabilities during the migration of 10 million domains from Google Domains to Squarespace, compromising user accounts and DNS records across crypto projects and other high-value targets. If you’re concerned about your Squarespace site’s security status, the focus should be on understanding past incidents and implementing protective measures going forward. Rather than checking for a specific May 2026 attack that doesn’t exist, site owners should verify whether their accounts were affected by the July 2024 incident and assess their current security posture against realistic threats.
Table of Contents
- Understanding the Real Squarespace Security Incident: What Actually Happened in July 2024
- How to Check If Your Squarespace Account Was Affected by the July 2024 Incident
- Signs Your Squarespace Site Has Been Compromised or Modified Maliciously
- Steps to Secure Your Squarespace Site and Prevent Future Compromises
- Limitations of Squarespace’s Built-In Security and When Professional Security Audits Become Necessary
- How to Monitor Squarespace Sites for Ongoing Threats
- The Broader Context: Squarespace Security and the Importance of Platform Vigilance
- Conclusion
Understanding the Real Squarespace Security Incident: What Actually Happened in July 2024
The most significant squarespace security incident in recent history occurred in July 2024, not May 2026. During Squarespace’s acquisition and migration of approximately 10 million domains from Google Domains, attackers exploited vulnerabilities in the transition process. The attack targeted account takeovers and DNS hijacking, which allowed bad actors to redirect traffic away from legitimate websites. Crypto projects were hit particularly hard because domain control directly impacts trust and asset security in the blockchain ecosystem.
Over 100 cryptocurrency projects found their sites compromised, including well-known platforms like Compound, dYdX, Hyperliquid, and Polymarket. The attackers used password spraying techniques—trying common password combinations against large numbers of accounts—which became possible because Squarespace temporarily disabled two-factor authentication (2FA) for all migrated accounts as part of the migration process. This temporary disabling of 2FA created an exploitable window that lasted longer than necessary, leaving millions of accounts vulnerable during a high-risk transition period. Even after the vulnerability was discovered and publicized, some users didn’t realize their accounts had been compromised until weeks later when they noticed unauthorized changes to their DNS records or website content. The incident highlighted a critical lesson: during major migrations, security controls should remain active unless absolutely necessary for technical reasons, and even then, alternative protections should be layered in place.
How to Check If Your Squarespace Account Was Affected by the July 2024 Incident
If your squarespace site contains sensitive information or was active during July 2024, you should verify that your account wasn’t compromised during that period. Start by checking your account’s login history, which Squarespace provides in the Account Settings panel. Look for login attempts from unfamiliar IP addresses, locations you don’t recognize, or times when you weren’t actively using your site. Squarespace logs login attempts and device information, so unexpected entries during July and August 2024 could indicate unauthorized access.
Additionally, review your DNS records and domain settings if your site is domain-dependent—check whether any DNS records have been modified or whether your domain is pointing to unexpected servers. The limitation of relying on Squarespace’s login history is that attackers who compromised accounts during the migration period may have covered their tracks by deleting logs or they may have accessed your account through a backdoor method rather than traditional login. A more thorough verification involves checking your domain registrar records, SSL certificate issuance history, and any email notifications you received during that time period. If you discovered unauthorized changes to your site after July 2024, or if you received suspicious password reset emails you didn’t request, there’s a reasonable chance your account was affected. Change your password immediately if you haven’t already, enable two-factor authentication, and consider enabling security notifications so you’re alerted to future login attempts.
Signs Your Squarespace Site Has Been Compromised or Modified Maliciously
Compromised Squarespace sites often display specific warning signs that appear before or after an attack. Website visitors might see unexpected malware warnings from Google Safe Browsing or other security providers, which appears as an alert before the site even loads. Your site’s search engine rankings may drop suddenly without explanation—this happens because Google demotes compromised sites in search results. You might notice new pages on your site that you never created, or existing pages may contain content you didn’t write. Malicious actors sometimes inject spammy links, redirect code, or phishing content into Squarespace sites to leverage the domain’s existing authority.
Another warning sign is unusual website behavior or redirects. If visitors to your site are automatically sent to a different website, or if your site loads extremely slowly for no apparent reason, you may have injected malicious code. Check your site’s meta tags and headers for unfamiliar JavaScript snippets or redirect commands. In the Squarespace editor, review your site’s CSS, footer code, and any custom code blocks you’ve added. One specific example: several sites compromised during the July 2024 incident had crypto-wallet stealers injected into their JavaScript, which silently captured information from visitors’ wallets without any visible sign on the website itself. These types of injections are particularly dangerous because the site may appear to function normally while secretly compromising visitor security.
Steps to Secure Your Squarespace Site and Prevent Future Compromises
The most important security measure is enabling two-factor authentication immediately, which prevents attackers from accessing your account even if they obtain your password. Squarespace supports authentication apps like Google Authenticator and Microsoft Authenticator—not just SMS, which is more vulnerable. Set a strong, unique password that you don’t use on any other websites. Use a password manager to generate and store a random 16-character password, which is significantly harder to crack through password spraying than common words or patterns. Compare this approach to simply changing your password from something like “Squarespace2024!” to “Squarespace2025!”—the first method provides real security improvement, while the second only makes you feel secure.
Beyond password and authentication measures, regularly audit the people who have access to your Squarespace account. Remove any team members or collaborators who no longer need access, and review API keys and connected integrations at least quarterly. If you’ve integrated Squarespace with third-party tools for email marketing, e-commerce, or analytics, verify that those integrations aren’t storing your login credentials and that they’re using OAuth authentication instead. Set up email alerts for account changes in your Squarespace security settings so you’re notified immediately if someone modifies your password, two-factor settings, or connected services. These alerts create an immediate detection window if someone tries to compromise your account, allowing you to respond quickly rather than discovering the breach weeks later.
Limitations of Squarespace’s Built-In Security and When Professional Security Audits Become Necessary
Squarespace provides foundational security protections like SSL encryption, regular backups, and DDoS protection, but these features have important limitations. SSL encryption only protects data in transit between visitor browsers and Squarespace’s servers—it doesn’t prevent your account from being compromised or malicious code from being injected into your site. Automatic backups protect against data loss, but if your account is actively compromised, you might restore from a backup that already contains malicious injections. For high-value sites—particularly those in finance, cryptocurrency, legal settlements, or e-commerce—relying solely on Squarespace’s built-in protections may not be sufficient. A critical limitation of Squarespace’s platform is its restricted ability to customize security at the code level.
Unlike self-hosted WordPress or custom applications, Squarespace sites are sandboxed, which provides protection against certain attacks but also limits what you can audit or customize. If you’re concerned your site was previously compromised, consider hiring a security professional to conduct a forensic audit. They can analyze your site’s historical changes, check for hidden backdoors, and ensure your DNS records haven’t been manipulated. This is particularly important if your site handles customer data, payment information, or sensitive business information. The cost of a professional audit ($1,000-$5,000) is substantially cheaper than the cost of recovering from a data breach or lost customer trust.
How to Monitor Squarespace Sites for Ongoing Threats
Beyond one-time security measures, continuous monitoring protects your site from emerging threats. Enable Google Search Console alerts, which notify you immediately if Google detects malware, hacking, or policy violations on your site. This provides an external verification source that isn’t controlled by Squarespace. Register your site with security monitoring services like Sucuri or Wordfence, which scan for known vulnerabilities and malicious code patterns. Set up website monitoring tools that check whether your site loads normally from different geographic locations and alert you if unexpected redirects or downtime occur.
These tools typically cost $10-$30 per month but provide early warning before visitors discover problems on their own. Additionally, monitor your domain’s SSL certificate history through services like Certificate Transparency logs. These public records show when SSL certificates are issued for your domain—if you see a certificate issued by an attacker, you’ll know immediately that someone has taken control of your domain. Set up alerts through your domain registrar and DNS provider to notify you of any changes to DNS records, domain contact information, or nameserver settings. Combine these layers of monitoring and you create a comprehensive early warning system that catches most types of compromise within hours rather than weeks.
The Broader Context: Squarespace Security and the Importance of Platform Vigilance
The July 2024 Squarespace incident wasn’t an isolated failure but rather a realistic vulnerability that can occur when any platform undergoes major infrastructure changes. Domain migrations, account system updates, and integration changes create temporary windows where security controls may be less robust. This pattern has repeated with other website platforms and service providers—the lesson isn’t specific to Squarespace but rather applies to all hosted website platforms. When your website provider announces major maintenance, migrations, or system changes, that’s the exact moment to increase your personal security vigilance rather than relax it.
Looking forward, site owners should expect that no platform—including Squarespace—can guarantee zero-risk environments. The responsibility for site security is shared between the platform provider and the site owner. Squarespace’s responsibility is to maintain robust infrastructure security and transparent communication about incidents. Your responsibility as a site owner is to use available security features, monitor for signs of compromise, and maintain backups and recovery procedures. By understanding both past incidents like the July 2024 attack and implementing the protection measures outlined above, you significantly reduce the likelihood that your Squarespace site will be compromised by future incidents.
Conclusion
There is no publicly reported Squarespace security attack in May 2026, but the platform’s history—particularly the significant July 2024 incident—demonstrates the importance of maintaining active security practices. To protect your Squarespace site, enable two-factor authentication, use a strong unique password, regularly audit account access, and set up monitoring alerts. Check your login history and DNS records if you were an active user during July 2024 to determine whether your account may have been compromised.
The reality of website security in 2026 is that threats come from multiple sources, and no single platform can eliminate all risks. Your best defense is a combination of platform-provided security features, continuous monitoring, and knowledge of past incidents that inform how you approach future protection. Treat your Squarespace security with the same seriousness you’d apply to your personal financial accounts, and you’ll substantially reduce your exposure to compromise and data loss.
