John Mannes, writing at TechCrunch:
The number of passwords and the severity of the hack were not uncovered until today. The passwords were stored using unsalted MD5 hashing. Rather than storing passwords in plaintext, nearly every site that stores critical user information utilizes some form of hashing. Hashing is a method for encrypting data, but some methods are far superior to others.
These are some really bad password practices and if you have an account at Last.fm, you should go change your password. Also, LeakedSource is a good resource to see if your information has shown up in any of these information database dumps over the past few years. You can search by your email address.