It finally happened – a VPN provider in their customer (1, 2, 3). It just had to happen eventually. It’s the first case that I heard of and I’m sure not the last. What is advertised as a secure way to be anonymous on the net has always been at most as good as the provider. There’s no way to verify that yours is OK unless they proved that they are not trustworthy already.
The solutions are the same as always:
There are several others too, the choice depends on what you want to do.
A solution where you don’t have to trust some unknown company is inherently more secure than one that requires such trust. So do yourself a favour and when you need anonymity – get real anonymity and not smoke and mirrors.