A malicious actor has stolen a large volume of data from many organizations with OAuth user tokens. GitHub revealed this incident and disclosed that the user tokens were issued to Heroku & Travis. This implies that the hacker stole the tokens and then used them to access private repositories.
According to the Github CSO, Mike Hanley, both GitHub and its users use this application. However, GitHub doesn’t store them in a format that an attacker could exploit. This means that they couldn’t have accessed the tokens from the Github systems.