I wonder why internet companies don't just do the right thing and use good hashes (or better methods like SRP, but that requires client updates) so that none of this would even matter.
Because they don't start out with well-designed systems (that costs money), and they don't want to upgrade their systems to be good (that costs money).
It's very simple, but it's only obvious after you've seen it happen too many times.