by bad_user 2197 days ago
Why would you pin a certificate that you did not generate for a domain that's not yours?
3 comments

Most people probably didn't pin the certificate. I think that the problem was caused by developers configuring their application to trust only the DigiCert Root CA.

This usually happens because some applications don't use the underlying OS's root CA bundle by default to authenticate TLS connections, but require you to put each root CA certificate in a trust store (e.g. Java).

Some devs probably added just the DigiCert root CA and forgot about it.

These kinds of changes with certificates are always kind of tricky, because they usually work very reliably until they don't.

My guess is that it is some larger corporate client with a middleware app they pinned the cert into. An app they built on Heroku hurriedly because it was fast and cheap to get started and they didn't expect to need to scale. Then, as can happen, it became important and they scaled anyway. They probably lost the talent that built it, so they don't even remember how it works.

All of this is assumption based on how they seem to buy enough compute at Heroku to have sway over rolling back this change of cert provider.

Ugh, yes, I assure you that some corporate clients will even try to pin the actual leaf certificate; pinning an intermediate or root is almost good behavior for them. (Honestly, the number of times I had to tell our support people that no, we would not support customers trying to pin our AWS-issued certificates, and no, I couldn't promise to notify them even if I wanted to since AWS could just rotate them at will...)

Once upon a time a UK model train manufacturer had a warning inside the box of your new loco or rolling stock that said something like "Do not dismantle out of idle curiosity".

Some people, despite the warnings and consequences, can't help themselves :)

What a clever way to make more sales.

1) people are dismantling goods, then ringing for advice but being embarrassed they broke it, then rebuying when we refuse advice,

2) tell people not to dismantle it, they'll get curious and do the opposite,

3) ...

4) pro-fit!