Bleeping Computer

Heroku forces user password resets but fails to explain why

These stolen tokens were used by Travis-CI and Heroku OAuth applications to integrate with GitHub to deploy applications. Using these stolen OAuth tokens, threat actors could access and download data ...
ZDNet

Heroku to begin user password reset almost a month after GitHub OAuth token theft

Heroku has alerted a "subset" of its users that it is going to reset their passwords on May 4 unless they change passwords beforehand. In resetting the password, the company is warning that existing ...