With the fund and games many people using CircleCI are now having to deal with it is clear that your current Service Token solution could be enhanced in such a way as to add a lot of value as and when such an issue was to happen again with a system that holds a Token value.
At the moment tokens are just a single unique value, which as another post here has noted is something of a pain to rediscover if you need to change them on mass. Also I have in the past raised the issue that the CLI tool does not display enough of a token for you to be sure what config a token relates to, which again does not help.
What I would like you to consider (long term) is a 2-part token. This would be made from your current token, plus a project or system-wide value. As and when we get notified by a third party that their security may have failed all we then need to do is change the project/system value rather than all the individual config level tokens.