
Our stuff, well non test/develop, is gpg'd in the repo. So should be fine.

Guess: this + MongoHQ was a targeted attack, aimed at a single customer of theirs?




I do not think so. There is currently no evidence that CircleCI itself had its data directly compromised as part of the MongoHQ hack.

They are just being cautious and assuming the worst and recommending their clients do the same (quite right too).

However, the fact that so many apps can be screwed by a breach in a "Database as a service" style setup will make me wonder "How is this SaaS storing my data? Internal or outsourced?" when evaluating new ones.

[EDIT] - Just noticed that I did not actually give an opinion on the guess. It seems a reasonable guess that this could have been part of an attack on a MongoHQ customer.


I don't think it's relevant that it's a database as a service over all the other hosted services we put our trust in - if someone hacked Heroku, Rackspace or whatever other service provider, they would get some DB access, AWS keys, source code etc. too.

Private repos on GitHub and Bitbucket are probably a goldmine of accidents waiting to happen, considering how many API keys etc. slip into public ones!

Not really sure what the takeaway should be for developers building on [anything] other than to do your best not to store stuff in a way that can hurt your users if a platform you use is compromised.



