A recent exploit found in OpenSSL (an open-source security socket layer, meant to secure/encrypt internet traffic) called "Heartbleed", made it possible for hackers to find and use passwords on systems using OpenSSL.
WAIT, MOJANG WAS HACKED?
No, Mojang was not hacked. Their servers are not vulnerable to the OpenSSL exploit, but the load balancers they use from Amazon were. As a precaution, it has been recommended that you update your Minecraft password, just to be sure.
Quote fromDue to an exploit in the OpenSSL software used by Amazon's load balancing serive (which we use for most of our stuff) we were forced to temporary suspend all of our services. All systems are now back online, and the exploit has been fixed. There was no way to target specific users, but we can not guarantee that your information wasn't compromised. Therefore we recommend everyone to change their Mojang/Minecraft account passwords.
WAIT - DO I CHANGE MY MINECRAFT PASSWORD, MOJANG PASSWORD, OR BOTH?
If you have not migrated your account, change your password at Minecraft.net.
If you have migrated your account, change your password at Mojang.com.
Regardless of whether you have or have not migrated, it is crucial to change your password.