A misconfigured development server may have exposed NordVPN’s internal databases and source code to a notorious dark web actor.