Getting events from unknown project

Our Sentry project is receiving events from an unknown source. There are 2 people on our team and a small codebase so we know for certain we are not producing these events. Our codebase is in a private repo in Github that only the two of us have access to. So there’s no chance our key could have been intentionally copied by someone else (plus what would be the point of doing that?).

Could this be a platform security bug? Or a key that was somehow randomly generated the same as ours?