Following a plain text list of 1800 user emails and passwords appearing online due to a phishing scam, Mojang have published a response to the leaked info and moved to assuage anyone having a panic.
"No! We haven’t been hacked. A bunch of bad people have tricked some of our users into disclosing their account information. We’ve emailed everyone affected, and reset all compromised passwords. If you haven’t received an email from us, you don’t need to worry."
Mojang have urged that people "should never, ever, enter your Mojang account details on websites that aren’t owned by us. It’s good practice to use different passwords for each of your internet logins too. That way, if someone does get hold of one password, they won’t get access to your other stuff."
Mojang have moved to contact those affected, and if you want to change your passwords just to be safe (you should change all of your passwords relatively regularly just to be safe) their website provides links and advice on how to best protect yourself.