NordVPN is garbage, but so are many, many other providers of so-called Virtual Private Networks which are really just translucent proxies. Don't get me wrong though, VPN's are certainly useful depending on what one is wanting to achieve and i personally think a good VPN is fitting for many people that care about privacy, but they do not provide the stealthiness most people think they do. As for NordVPN, the following is from my article, Tor versus a VPN – Which is right for you?:
NordVPN is a huge player in the VPN market and i have used them in the past, however Nord's service wasn't very good, one reason being unstable connections and another being blacklisted IP addresses. Also i find the shear size of the company, their cheap prices, poor history, and a recent merger to be worrying. Finally, Nord has had some extremely serious security issues. In 2018 NordVPN suffered a catastrophic hack and failed to handle the situation in an ethical manner.
NordVPN, a virtual private network provider that promises to "protect your privacy online," has confirmed it was hacked.
The admission comes following rumors that the company had been breached. It first emerged that NordVPN had an expired internal private key exposed, potentially allowing anyone to spin out their own servers imitating NordVPN.
[...]
NordVPN told TechCrunch that one of its data centers was accessed in March 2018. "One of the data centers in Finland we are renting our servers from was accessed with no authorization," said NordVPN spokesperson Laura Tyrell.
The attacker gained access to the server - which had been active for about a month - by exploiting an insecure remote management system left by the data center provider; NordVPN said it was unaware that such a system existed.
[...]
NordVPN said it found out about the breach a "few months ago," but the spokesperson said the breach was not disclosed until today because the company wanted to be "100% sure that each component within our infrastructure is secure."
A senior security researcher we spoke to who reviewed the statement and other evidence of the breach, but asked not to be named as they work for a company that requires authorization to speak to the press, called these findings "troubling."
"While this is unconfirmed and we await further forensic evidence, this is an indication of a full remote compromise of this provider's systems," the security researcher said. "That should be deeply concerning to anyone who uses or promotes these particular services."
NordVPN said "no other server on our network has been affected."
But the security researcher warned that NordVPN was ignoring the larger issue of the attacker's possible access across the network. "Your car was just stolen and taken on a joy ride and you're quibbling about which buttons were pushed on the radio?" the researcher said.
[...]
It's also believed several other VPN providers may have been breached around the same time. Similar records posted online - and seen by TechCrunch - suggest that TorGuard and VikingVPN may have also been compromised.
What Nord should have done is immediately cease service until the scope of the breach could be determined and the security hole patched instead of continuing to potentially compromise the security and privacy of all of its customers.
Also see AzireVPN's post, Why we Own our Own Servers.