There's no evidence that any encryption is broken (other than people misusing it (edit: or broken protocols like PPTP)). Anyone could do this kinda thing given enough motivation and money. Determining a VPN's users? Just monitor all inbound connections to the VPN service. Now you have the IPs of the users. The IP alone might be enough to know the user or a search on that IP might show them logging into other services that reveal their ID. Pretty simple.