Some hacked into a WordPress blog and created an admin account for himself. The bloggers found the database entry for the account. The password was semi-encrypted using a technique called MD5 into what is called the hash. On a hunch, they googled the hash and, bingo, Google returned “Anthony” – and they had the plaintext password. So, someone somewhere had used that hash before, and Google knew about it.
Go here to create a hash of your important passwords, then Google them to check. Much more on this at the Guardian Tech blog.