According to DreamHost’s status blog, the company detected “unauthorized activity within one of [their] databases”. In other words: someone was snooping around where they shouldn’t have been snooping, and DreamHost noticed the foot prints.
Alas, the company isn’t divulging much information as to the nature of the hack, beyond that they “don’t have evidence that customer passwords were taken at this time”. Still, they’re requiring password resets for all Shell/FTP accounts (read: not the account that DreamHost customers use to login to the billing/backend system, but the user accounts they use to access and maintain their actual websites.) for what seems to be all DreamHost customers. If you find yourself having trouble logging into your DreamHost FTP accounts today, it’s because your password has already been disabled.
Perhaps it goes without saying, but: If you’re a DreamHost customer and you use a similar password elsewhere around the Internet, now’s the time to switch them all up.