Sprid

netrox said:

I don't get it - passwords should ALWAYS be hashed and salted. How can passwords be exposed? Are they still using plaintext? Surely, it cannot be with Meta, Apple, Google, they already know never to hold passwords in plaintext. 

You cannot use hashed passwords to authenticate. 

I read this as "A database of password collected by a hacker was leaked".  They didn't come from apple. Someone nefarious collected them and then stored them.  That stored collection was then found by someone else (who subsequently reported it).  The unsavory person probably doesn't care much about best practices when storing passwords.