> For the security of our customers from the publicity we were expecting from the announcement, we've decided to leave out the technical details of the breach in the blog post.
This doesn't exactly inspire confidence that your service is now secure.
It's most likely not. Not sure if this was intentional but they pretty much confirmed it in a reddit thread:
> ... and are also in the process of completely deprecating the admin tokens for a more secure internal authentication procedure. Not to mention, we're also looking to fully deprecate the need of the GitHub OAuth tokens entirely in the coming weeks.
This doesn't exactly inspire confidence that your service is now secure.