Did GitHub reset your account password and revoked all of your PAT?
Seems that many users got an email informing them that: "We’re writing to let you know that we observed suspicious activity that suggests a threat actor used a Personal Access Token (PAT) associated with your account to access private repository metadata."
Yes. Still waiting for a reply from them on further audits + waiting for any kind of update from Travis since all the tokens that everyone has shared as affected have been related to Travis CI. This includes us as well.