[emilsedgh]

Why? I think it's pretty evident that there's no reason to believe there's been a security breach there as far as they understand as of now.

[macNchz]

There was certainly a breach three weeks ago that they seem to have been investigating since. I am, like the commenter above, not filled with confidence about their statement, mostly because of the total lack of transparency so far.

The fact they’re only now sending additional notifications to rotate creds hints at something bigger than they initially announced, but really we have no idea since they never gave much detail in the first place.

[wlll]

There was a security breach. They don't know what the breach was, they don't know if the attacker has access to other systems, they just don't know.

No evidence of something is not particularly useful information if you weren't even looking out for it in the first place.

[adrr]

Github tokens were accessed and used to attack things outside of heroku. Something was breached. We don't know what, when it occurred and extent of the breach and I bet heroku doesn't know either.