The organization that oversees the world's internet domains has experienced its third security breach this year, it announced Wednesday.
The Internet Corporation for Assigned Names and Numbers (ICANN) said in a blog post usernames and passwords for profiles on its ICANN.org site have been obtained by an unauthorized party.
"We don't know exactly how the data was stolen," a spokesperson from ICANN told Motherboard by email. "While investigations are ongoing, the usernames/email addresses and encrypted passwords for profile accounts created on the ICANN.org public website appear to have been obtained as a result of unauthorized access to an external service provider."
In December 2014, the organization announced internal systems had been breached due to a spear phishing attack, when employees were tricked into giving up their login info to emails purporting to be from ICANN accounts. In April this year it announced an investigation into unauthorized access of data on the site.
ICANN clarified that in this hack, no financial information was stolen from user profiles, and that the passwords that were compromised are encrypted. It is still advising customers to change their user information and logins for other sites that recycled the same passwords.