That's exactly what happened with popular VPN service NordVPN. The company just disclosed that 19 months ago hackers gained access to its encryption keys. With these keys, attackers could perform decryption attacks on segments of NordVPN's userbase. The breach was made public after evidence surfaced that two rival services, TorGuard and VikingVPN, also got hacked.
VPNs put all of a computer's Internet traffic into a single encrypted tunnel that's only decrypted and sent to its final destination after it reaches one of the provider's servers. That puts the VPN provider in the position of seeing huge amounts of its customers' online habits and metadata, including server IP addresses, SNI information, and any traffic that isn't encrypted.More details can be read at ARS Technica.