[noodlesUK]

Is there any indication which country’s keys were leaked, and if so, just one key, or many?

The EU DCC spec is decentralized, so it is very unlikely that more than one country got owned.

[raxxorrax]

But depending on the reader apps for verification the result might be the same when they just check for a valid European signature.

Honestly, I don't really mind that because I am not really a fan of vaccination certificates for an extended period of time.

edit: Seems to be fixed, so the key probably wasn't leaked.

[NoPie]

Still shows valid in my covid19verify app (from Latvia) that was just auto-updated with the latest public keys.

Maybe the update is not complete and takes longer time for some countries. Or the app does not check for revocation lists etc. I don't know the technical details.