If you've recently upgraded to WordPress 2.8.3, you'll want to head over to WordPress.org and download the latest update and upgrade your install to 2.8.4. There is a security exploit that allows someone to remotely change your admin password through a special url that's formed in the right way. It basically removes the current password, replaces it with a newly generated one and no confirmation via e-mail is required.
Highly recommend you take care of this one pronto, before the script-kiddies and other “bad guys” find you or you might just find yourself locked out. Not cool.