Yup, I received a popup in Steam immediately when they sent it last night. No worries, everything was encrypted, they won't be able to decrypt it... Even if you used the same password on your Steam account, well assuming you enabled Steam guard, no one will be able to enter it.
My Steam username is: mike77 , my password is: 2Elm_treE34
If you try to login it will request the verification code that will be sent to my email. My email has a different password. Good luck.
My steam password and my email password are different to begin with and I already have SteamGuard enabled, but for good measures I'll still change my password on steam and keep an eye on my bank statements (though I think I've always used paypal, but I can't remember).
An e-mail would've been nice but still props to Valve for actually sharing this information and not sitting on it for weeks before coming clean. I use SteamGuard and different passwords for pretty much everything like most here, but I guess changing them now wouldn't hurt.