Matt Mullenweg, one of the founders of the site, wrote: “We’re still
investigating what happened, but as a prophylactic measure we’ve decided to
force-reset all passwords on WordPress.org.” He urges users to choose a
different password to the one they used before, and never to use the same
password on two different web services.
Article source: http://www.telegraph.co.uk/technology/internet/8594189/WordPress-forces-users-to-change-passwords-after-malware-attack.html