I can't think of a reason to not rotate credentials and variables the second you see a security incident of this scale even when it was in the very earliest stages. Better safe than sorry, and also a good time to review just how easy it is to update all the variables (is it automated & scripted, where are they stored and generated, etc.)