Google security blog announced that they have been able to produce the first SHA-1 collision. That is, two different PDF-files with the same checksum. Finding the collision required nine quintillion (9,223,372,036,854,775,808) SHA-1 computations in total.
This may sound like a ridiculous amount but the research shows that, given the right resources, it is possible to break this hash algorithm. It is also noteworthy that this was not a brute-force attack which would still be impractical. In fact it was 100,000 times faster.
Now it is a good time to start using stronger hash algorithms such as SHA-256.