• ramble81@lemm.ee
    ↑ 15 · 2 days ago

    That tells me they’re not using salted and hashed passwords. How can they still be doing that? Idiots.

    • dragontamer@lemmy.world
      ↑ 4 · edited 22 hours ago

      Not necessarily. If a JavaScript vulnerability exists, they can steal the password you type before it even reaches the database (long before the salting and hashing steps).

      If the backend code running on their servers is similarly compromised, then the password can be stolen from code-memory before it is salted or hashed.
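
An added example, not part of the thread: a minimal salted-hash credential store showing what the two comments are talking about. The stored rows never contain the password, yet the plaintext is still the handler's input before hashing. `CredentialStore`, its methods, the PBKDF2 work factor and the sample password are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier from the plaintext and a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class CredentialStore:
    """Hypothetical user table: keeps only (salt, derived hash) per user."""

    def __init__(self):
        self.rows = {}

    def register(self, username: str, password: str) -> None:
        # The plaintext is this function's argument: it exists in process
        # memory here, before any salting or hashing has happened.
        salt = os.urandom(16)
        self.rows[username] = (salt, hash_password(password, salt))

    def login(self, username: str, password: str) -> bool:
        row = self.rows.get(username)
        if row is None:
            return False
        salt, stored = row
        # Constant-time comparison of the recomputed hash with the stored one.
        return hmac.compare_digest(hash_password(password, salt), stored)

    def leaks_plaintext(self, password: str) -> bool:
        """True if any stored row contains the plaintext bytes."""
        needle = password.encode("utf-8")
        return any(needle in salt + digest for salt, digest in self.rows.values())


def demo():
    store = CredentialStore()
    pw = "correct horse battery staple"  # constructed sample password
    store.register("alice", pw)
    store.register("bob", pw)
    return {
        "login_ok": store.login("alice", pw),
        "wrong_rejected": not store.login("alice", pw + "x"),
        "same_password_different_rows": store.rows["alice"][1] != store.rows["bob"][1],
        "table_leaks_plaintext": store.leaks_plaintext(pw),
    }
```

Salting and hashing protect the table at rest; they do nothing for the `password` argument itself, so integrity of the page script and of the server code that handles the request has to be protected separately.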