They have definitely been compromised. You can buy lifetime accounts on the darknet for a dime a dozen with suspiciously not-real-person email addresses and passwords. Other VPN services and accounts for sale are much more expensive and you can usually tell at a glance that the credentials were stolen from a real user.
Edit: Perhaps the unimpeded sale of these "hacked" accounts leads indirectly/directly back to someone inside NordVPN? A dirty "trade secret" they wouldn't want revealed..? Seems farfetched but they have not proven themselves trustworthy in the past.
Edit: Perhaps the unimpeded sale of these "hacked" accounts leads indirectly/directly back to someone inside NordVPN? A dirty "trade secret" they wouldn't want revealed..? Seems farfetched but they have not proven themselves trustworthy in the past.