An update on the Twitter Status blog explains that the service "unintentionally reset passwords of a larger number of accounts, beyond those… believed to have been compromised." Twitter wasn't hacked, it just goofed and accidentally sent re-set instructions to too many users.