it's not to do with nsec compromisation, it's a bug on the client's end likely

such cases go back to over a year ago