Minecraft Passwords Compromised, Not Hacked
On January 21, 2015 Mojang put a post up on their official page making an announcement that some users' passwords had been compromised. There were a couple questions that Mojang cleared up in this post.
The creators of Minecraft made it clear that the people responsible did not gain access to the mainframe in the process. Even in the case that hackers did get entry to the mainframe, passwords are stored in a "super-encrypted format" according to Mojang.
The people responsible gained the information by phishing. This is when a person or persons pose as a company or website and ask for your information. In this case, they had asked for Mojang account information, and some people took the bait.
The players that were affected have been notified. If you feel that you would like to change your password on their severs for safety, see their full post on what to do here. Keep in mind that phishing attempts can extend to more than just games. Safe practice dictates that if you are unsure why a person or company needs your account information, call the company directly and ask if they have sent out any sort of email. Also look that you have "https" in the URL.