And all those passwords published yesterday. A well-meaning security expert assembled 10 million previously leaked passwords and released them out into the world. That password dump was probably unrelated to the social media hacks, however. When I asked security expert Per Thorsheim whether there was any possibility of a correlation between the dump and this morning's hacks, he replied: "Close to none. Those attacks have historically been done using phishing attacks as far as I know."
So those social media accounts got owned when somebody clicked on a link they shouldn't have, or put in their passwords into the wrong form. Just like that, they gave away the keys to their social media castle.
But! There are ways to protect yourself! You can protect yourself from some attacks if you simply use two-factor authentication on your accounts. Most prominent online services, including Twitter and Facebook, offer two-factor authentication, which makes it very hard for people to use password dumps to get into your accounts. That's because two-factor auth requires both a password and a key generated by an app on your phone. It's hard for adversaries to get both.
Take all of these hacks as a good reminder to get two-factor authentication, and change your password. Change it regularly! It's just good data hygiene.