Github Hacked - stolen Oauth tokens

Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators | The GitHub Blog

You should, however, periodically review what OAuth applications you’ve authorized or are authorized to access your organization and prune anything that’s no longer needed. You can also review your organization audit logs and user account security logs for unexpected or anomalous activity.

I know some people use Github. They are in the process of working out who is affected and will probably be in touch, but working on databases, just how much data do they log, especially a behind the scene attack vector like this one.

All Public Clarion repositories on GitHub

It looks like these hackers were expecting many people to be on Easter vacation, not thinking about work.