A recent exploit found in OpenSSL (an open-source security socket layer, meant to secure/encrypt internet traffic) called "Heartbleed", made it possible for hackers to find and use passwords on systems using OpenSSL.
WAIT, MOJANG WAS HACKED?
No, Mojang was not hacked. Their servers are not vulnerable to the OpenSSL exploit, but the load balancers they use from Amazon were. As a precaution, it has been recommended that you update your Minecraft password, just to be sure.
Quote fromDue to an exploit in the OpenSSL software used by Amazon's load balancing serive (which we use for most of our stuff) we were forced to temporary suspend all of our services. All systems are now back online, and the exploit has been fixed. There was no way to target specific users, but we can not guarantee that your information wasn't compromised. Therefore we recommend everyone to change their Mojang/Minecraft account passwords.
WAIT - DO I CHANGE MY MINECRAFT PASSWORD, MOJANG PASSWORD, OR BOTH?
If you have not migrated your account, change your password at Minecraft.net.
If you have migrated your account, change your password at Mojang.com.
Regardless of whether you have or have not migrated, it is crucial to change your password.
If you were already hacked, then if you change your password NOW you don't need to worry about others changing it for you. Though I have no reason why to believe a hacker like that would want to play Minecraft on your account, this affects most of the Internet, so that's pretty crucial. And if you really want to know, some guy made Heartbleed, about more than 2/3 of the Internet was able to get hacked (for lack of better term). It's not much more than that, but if you're gonna go daredevil and not change your password we're not gonna really care if for some reason some hacker wants your account.