Both heroku and travisci were affected? I wonder if and what the common vector would be for two major providers to lose their OAuth tokens.

- Heroku might be using Travis? - They were compromise independently but the hackers decided to start leveraging them at the same time to get the most out of them? - The obvious common denominator: Github? It doesn't make a lot of sense though.