As a customer, I'd like to know how the attacker got in and how Heroku can guarantee they don't still have access through those means.