MongoDB hack

Today ive been hacked somehow, someone created new datatable in my db, that wasn't me. I NEVER gave anyone a connection string, envs are inside railway, once I mistakenly pushed env to private github repo, maybe that is the issue. What do you think of that?
what makes you think you where hacked?