Recently, there was a big scare about a ton of Minecraft passwords being leaked, but it was confirmed on Mojang's end as a false rumor. Going more into detail, Mojang's Owen Hill explains:
Quote from Owen Hill
Have you been hacked? What’s going on, Moj?
No! We haven’t been hacked. A bunch of bad people have tricked some of our users into disclosing their account information. We’ve emailed everyone affected, and reset all compromised passwords. If you haven’t received an email from us, you don’t need to worry.
No-one has gained access to the Mojang mainframe. Even if they did, we store your passwords in a super encrypted format. Honestly, you don’t need to panic.
So how did they get the info? You were hacked, weren’t you?
No – we weren’t hacked. The bad people got their hands on other people’s passwords by using an evil technique called “phishing.” That basically means they pretend to be Mojang and fool people into entering their private details onto fake websites.
What can I learn from this?
You should never, ever, enter your Mojang account details on websites that aren’t owned by us. It’s good practice to use different passwords for each of your internet logins too. That way, if someone does get hold of one password, they won’t get access to your other stuff.
I’d still like to reset my Mojang password. Just to be safe
Fair enough. You sound like a sensible one. Here’s a link. If you have any other support issues, help.mojang.com is your friend.
Anyone who didn't receive an email about their password probably shouldn't be concerned, but feel free to change it anyway, just in case. Having a secure password is never a bad thing!