Hackers gained full root access to a NordVPN server and stole a TLS key, and two others that are unsure what the use cases are. NordVPN sat on this information for months without informing their customers. What are the other possible security consequences of this breach?
Well, the only actual security consequence of this breach is a really hard MiTM attack. Yet to accomplish this attack, you would need the target to have an already “breached” device. (trough public WiFi, which would make the attack insanely personal) And even then, it is not guaranteed that it would do anything, as the person would have to click on a fake link and then add their details. Nordvpn themselves have explained what happened pretty clearly https://nordvpn.com/zh-tw/blog/official-response-datacenter-breach/ BUT if you want a non bias opinion, cnet has covered this as well https://www.cnet.com/news/after-the-breach-nord-is-asking-users-to-trust-it-again/