Hackers stole GitHub and Gitlab OAuth tokens from Git analytics firm Waydev

The companies that were hacked as a result (Dave.com, Flood.io) must have been storing secrets in source code, which has got to be one of the most negligent ways to suffer a breach.