"Even if the hacker could have viewed the traffic while being connected to the server, he could see only what an ordinary ISP would see, but in no way, it could be personalized or linked to a particular user. And if they do it not through this server, they would do it using MiTM," the NordVPN spokesperson told The Hacker News.

"On the same note, the only possible way to abuse website traffic was by performing a personalized and complicated MiTM attack to intercept a single connection that tried to access nordvpn.com," the company said in its blog post.

"We are strictly no-logs, so we don't know exactly how many users had used this server," NordVPN said. "However, by the evaluation of server loads, this server had around 50-200 active sessions."

NordVPN, one of the most popular and widely used VPN services out there, yesterday disclosed details of a security incident that apparently compromised one of its thousands of servers based in Finland.Earlier this week, a security researcher on Twitter disclosed that "NordVPN was compromised at some point," alleging that unknown attackers stole private encryption keys used to protect VPN users traffic routed through the compromised server.In response to this, NordVPN published a blog post detailing about the security incident, and here we have summarized the whole incident for our readers to let you quickly understand what exactly happened, what's at stake, and what you should do next.Some of the information mentioned below also contains information The Hacker News obtained via an email interview with NordVPN.NordVPN has thousands of servers across the world hosted with third-party data centers. One such server hosted with a Finland-based datacenter was unauthorizedly accessed on March 2018.The company revealed that an unknown attacker gained access to that server by exploiting "an insecure remote management system left by the datacenter provider while we (the company) was unaware that such a system existed."Since NordVPN does not log activities of its users, the compromised server "did not contain any user activity logs; none of the applications send user-created credentials for authentication, so usernames/passwords couldn't have been intercepted either."However, the company did confirm that the attackers successfully managed to steal three TLS encryption keys responsible for protecting VPN users' traffic routed through the compromised server.Though NordVPN tried to downplay the security incident in its blog post by quoting the stolen encryption keys as "expired," when The Hacker News approached the company, it did admit that the keys were valid at the time of the breach and expired in October 2018, almost 7 months after the breach.Almost every website today use HTTPS to protect its users' network traffic, and VPNs basically just add an extra layer of authentication and encryption to your existing network traffic by tunneling it through a large number of its servers (exit nodes), restricting even your ISPs from monitoring your online activities.Now with some limited encryption keys in hand, attackers might have only decrypted that extra layer of protection coated over the traffic passed through the compromised server, which, however, can not be abused to decrypt or compromise users' HTTPS encrypted traffic.In other words, the attack possibly allowed attackers to only capture users' unencrypted data exchanged with non-HTTPS websites, if any, or DNS lookups for some users, and also defeated the purpose of using a VPN service.To be noted, "the (stolen encryption) keys couldn't possibly have been used to decrypt the VPN traffic of any other (NordVPN) server," the company confirmed.After discovering the incident a few months ago, the company "immediately terminated the contract with the server provider" and shredded all the servers NordVPN had been renting from them.NordVPN also immediately launched a thorough internal audit of its servers to check its entire infrastructure, and double-checked that "no other server could possibly be exploited this way."The company said next year, it will also "launch an independent external audit all of our infrastructure to make sure we did not miss anything else."The company also admitted that it "failed" to ensure the security of its customers by contracting an unreliable server provider, and that it is "taking all the necessary means to enhance our security."Not much. People use VPNs for a variety of reasons, and honestly, if you're using it for privacy or escaping Internet censorship, you should not stop using VPN in the wake of such events.However, before choosing a service you are always advised to do some research and pay for a service that you feel is trustworthy.