SHA1 was already theoretically broken 2005, when Prof. Xiaoyun Wang announced a differential attack. By 2010 the NIST decided to announce SHA-1 as deprecated.
SHA1 is still in use in BitTorrent and on some https sites. As far as I know, Chrome is currently the only Browser, who considers SHA-1 signed certificates as not secure. Firefox is about to phase it out as well and Edge wants to do this in mid of this year.
BitTorrent uses SHA-1 as well. Since we now have the first proven collisions, this could become interesting in lawsuits coming from the content industry ...
SHA-1 is proven broken and must not be used anymore.