They saw some things they believed might be brute force attacks against weak passwords, so they reset the passwords of people who the attempts had been directed against. They also changed they way they handled repeated password failures to be even more strick. The basic database was not compromised and the passwords in the database are encrypted with the master password for the account so they'd have to be broken account by account.
