This
ars technica article describes a problem with the Travis
continuous-integration service:
A security flaw in Travis CI potentially exposed the secrets of
thousands of open source projects that rely on the hosted
continuous integration service. Travis CI is a software-testing
solution used by over 900,000 open source projects and 600,000
users. A vulnerability in the tool made it possible for secure
environment variables—signing keys, access credentials, and API
tokens of all public open source projects—to be exfiltrated.
Any project storing secrets in this service would be well advised to
replace them.