In an annual disclosure to investors, internet domain registrar GoDaddy said it is the victim of a three-year-long hacking campaign that installed malware on internal systems and obtained source code.