ICANN the arbiter and overseer of the entire Internet’s domains and web addresses has been hacked, potentially compromising names, email addresses, passwords, and more info.

ICANN short for the Internet Corporation for Assigned Names and Numbers wrote in a blog post usernames and encrypted passwords for profiles on its ICANN.org site have been compromised by an unauthorized party.

The global internet authority revealed in an email to Motherboard that investigations are currently going on. Accounts containing usernames, email addresses, encrypted passwords and other data, such as bios, interests, and newsletter subscriptions seem to have been obtained due to unauthorized access to an ESP.

Last year, in December 2014, the non-profit organization announced that it has fallen victim to a spear phishing attack, when several employees were chicaned into giving their login information to emails purporting to be from ICANN accounts. A few months ago, it launched an investigation into unauthorized data access on the site.

If you look at the silver lining, in this hack, no financial information was purloined from its user profiles, moreover the passwords that were obtained are encrypted. Although, it’s not impossible for hackers to figure out the original, plain-text passwords. Albeit, the arbiter of Internet domains is still advising customers to reset their user info and logins for various other sites that recycled the same passwords.

In recent months, the global internet authority has come under a lot of backlash for an odd number of reasons:

ICANN raked more than $60 million from gTLD (Generic Top-Level Domain) auctions by accepting highly controversial domains names such as “.xxx” and “.sucks”. The Intellectual Property Constituency that advises the ICANN board has described the domain .sucks as “predatory, exploitative and coercive”. The .sucks registry has announced an exorbitant pricing model, and most brand owners were perturbed and felt like they were being penalized by having to pay more to protect their brands.

In July 2015, the global internet authority posted a policy change for users who register domains under proxy services. Under the revised policy, it requires domain registrants to file their full name, address and contact details into WHOIS, internet’s directory for websites, however, there are services out there that allows them to maintain privacy by masking these details. Domain registrar Namechap and the Electronic Frontier and Fight for the Future dedicated to advocating for privacy freedoms started a campaign calling for people to get the overseer of internet domains reconsider the proposal. The issue had later been put up on the public front.