The private key of an SSL certificate that belongs to a brazilian bank has been leaked. What are the risks?

In Summary :

Some background first: last week, some data from a Brazilian bank named Inter was rumored to have been leaked. That included personal data, documents, transaction logs, credit card passwords, everything a bank could possibly have, including the certificate's private key. The bank denied everything.Two days ago some guy showed up on r/brasil claiming he obtained the private key from somewhere public, which he did not disclose. Someone suggested that he signed a message to prove he had it, which he successfully did and can be verified here. It's worth noting that the certificate in question had been replaced on the website in march but did not expire and was still valid.The obvious reaction to this would be for the bank to ask for the revocation to the Certificate Authority, in this case, Go Daddy. The surprising thing is: it's been more than 48 hours since this went public and the certificate has not been revoked yet. The bank is dead silent about this.Considering the keys have fallen in malicious hands which intends to do man-in-the-middle attacks, what are the possible attack vectors from which this is possible? I know DNS spoofing is a possibility. Are there other types of attacks which can originate from this? Some relatives have bank accounts there and are worried. Thanks in advance[...]

kindly refer the following link as follow up :
https://ift.tt/2rADnGT