Automattic, the folks behind WordPress.com got hacked at the “root” level, which means that the hackers potentially had access to *everything* those servers were hosting, like WordPress.com and Vaultpress, but other services might be affected as well.
The extent of the breach is not known yet, but your information might not be safe anymore, and your password might be compromised already. It really stinks to get hacked, and it can take a lot of time to recover from that, so it’s probably best to take action now. How?
For most users, you simply need to change your password. In general, password are encrypted on the server, but if hackers have them, they can eventually crack them in the comfort of their “office”. Use a strong password like #1dontwantt0behAcked!, or even more cryptic. The more random, the better. There are even utilities to test your password’s strength.
For Vaultpress users, you should envision changing your FTP, MySQL and SSH passwords as that information was stored “somewhere” on Automattic’s servers. Again, we don’t know the extent of the breach, but it takes only minutes to change those, compared to hours or days to recover from a hacked site. Auttomatic might have other services that I’m not familiar with, so just be mindful of those as well. Be safe.