Looking at my security log, it looks like they gained access over two weeks ago. No failed login attempts, just a successful login. No brute-forcing about it.
oauth_access.create: GitHub XRP Giveaway - 16 days ago
user.login: Originated from 23.29.121.166 - 16 days ago
oauth_access.create: GitHub XRP Giveaway - 16 days ago
user.login: Originated from 23.29.121.166 - 16 days ago