> However, the key couldn’t possibly have been used to decrypt the VPN traffic of any other server. On the same note, the only possible way to abuse website traffic was by performing a personalized and complicated MiTM attack to intercept a single connection that tried to access nordvpn.com.
However crt.sh shows
> Validity
> Not Before: Oct 6 12:53:38 2015 GMT
> Not After : Oct 6 12:53:38 2018 GMT
What exactly were these keys for if they were only usable in such a manner according to nord?
Nord has a couple thousand severs, and each has their own key. In order to decrypt traffic, you'd have to intercept some traffic to decrypt, which would require a MitM attack unless you're an ISP/state actor.
I understand that the fact that these keys were obtained is concerning but the security of nord and etc prevailed at the end of the day.
The question is: were they leaked before they expired or long after?