Yesterday, the Heartbleed SSL exploit started to gain some attention around the web. As a result, many sites and services needed to update their security.

Essentially, this security flaw would allow someone to covertly access confidential information, such as a user's password, on a wide range of websites. As a precaution, Mojang is urging Minecraft players to change their passwords.
What did Mojang do?
As soon as we realized the severity of the exploit we decided to shut down all of our systems until a fix was available. This is why you were unable to log in yesterday. We then made sure that all of our services that use SSL no longer had this vulnerability before bringing them back online. We also updated all of our SSL certificates.
What should I do?

Change your Mojang/Minecraft account password
Since uses of the exploit leaves no traces, there’s no way for us to guarantee that your password hasn’t been compromised. Therefore, if you typed in your password into any of our games or websites during the last couple of days we strongly advice you to change it. Even if you haven’t logged in, it can still be a good idea the to change your password. One can never be too careful on the internet!

You can use this link to change your Mojang account password or this link to change your Minecraft account password.

They also suggest changing your password on other sites you may have used the same password at.