I remember in the 2010's when several popular forums swore that they never stored plain-text passwords, but then sent out emails to their users once they were hacked that their passwords have likely been compromised
I mean, if they didn't salt the hashes on a per-user basis, with even 2010s hardware it would be fairly easy to compute the hash of every password below a certain complexity and associate them with emails to get a set of login credentials.