A GoDaddy spokesperson said that the domain registration discovered a security incident on April 17 that went back to October.
The credentials were used only for accessing remotely hosted servers, not customers’ main GoDaddy accounts, according to the company.