Security researcher @hexdefined tweeted that NordVPN, of which we are an affiliate, was compromised as the private keys for their web site certificate were publicly leaked on the Internet. NordVPN has not responded to any of our queries, both NordVPN and TorGuard have issued statements. The attacker was able to gain access to their servers through an insecure remote management tool deployed by their datacenter provider. The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either.
Source: https://www.bleepingcomputer.com/news/security/hacker-breached-servers-belonging-to-multiple-vpn-providers/

