The WordPress team noticed some suspicious changes made to the AddThis, WPtouch, and W3 Total Cache plugins in the official plugin directory. The three plugins have been updated to remove the suspicious code, and all account passwords on WordPress.org have been reset as a precautionary measure. If you have an account on WordPress.org, you’ll need to reset your password.
To avoid future problems, or at the very least notice such activity sooner, the WordPress team has enabled notification emails for all plugin developers for whenever their plugin files are changed.
If you have a WordPress.com account or a self-hosted WordPress blog, this reset did not affect your own user account, but you should probably immediately upgrade your copies of AddThis, WPtouch, and W3 Total Cache, if you’re using them of course.