Mojang have reset those accounts' passwords and e-mailed their owners to let them know about the situation. As evidently not everyone is clued-in about online security, let's consider this a public service announcement to really, really be careful with our online accounts.
Posting on the official blog Mojang's Owen Hill explained that the security breach wasn't a result of hacking, but of people being fooled into entering their details on non-Mojang websites. The blog post echoes a statement from Microsoft, the company which now owns Minecraft following its acquisition of Mojang for $2.5 billion:
"We can confirm that no Mojang.net service was compromised and that normal industry procedures for dealing with situations like this were put in place to reset passwords for the small number of affected accounts," a Microsoft spokesperson told The Guardian.
"When we discover lists of gamertags, usernames and passwords posted online, we take immediate action to protect our customers by reviewing for valid credentials and resetting account access when necessary."
If Mojang haven't sent you an email then you weren't on that list. However if you use the same password for multiple services you might like the take the opportunity to change your Minecraft login anyway. A huge part of why these accounts are a target is that people reuse passwords, so gaining access to your game account could yield access to more lucrative services. I *KNOW* so many of you know that and that it's internet safety 101 but just in case one person reading it doesn't then hooray for helping!