Last month, Facebook admitted to storing millions of Facebook passwords in plaintext.
The Verge Apr 18, 2019

We see students being taught login systems here, and a recurring mistake is passwords being stored in databases. It appears that CompSci courses teach bad practices early, and as we know, it's hard to unlearn what you learn early.

Further reading seems to indicate these passwords may have been collected via logging.
"But as Krebs on Security first reported, various errors seem to have caused Facebook’s systems to log some passwords in plain text since as early as 2012."

I've been chided for pointing this out from time to time, but the mistake happens over and over, and in very big companies.
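The logging path mentioned above is the usual way a system that never "stores" passwords ends up with them on disk: a debug statement dumps the whole request, or an access log records the raw query string. The following is an added example written for this thread (not Facebook's code, nor any poster's) showing both leak paths and a `logging.Filter` that redacts sensitive fields before any handler writes them. The key list, the `redact`, `RedactingFilter`, `make_logger` and `demo_login_log` names, and the sample request body are all assumptions constructed for the demo.

```python
"""Added example for this thread (not Facebook's code, nor any poster's): how a
password ends up in a log line, and a logging.Filter that redacts sensitive
fields before any handler writes them. Field names and the sample request are
assumptions constructed for the demo."""
import io
import logging
import re
from typing import Any, Tuple

# Keys treated as secrets (assumed list; extend for your own schemas).
SENSITIVE_KEYS = {"password", "passwd", "pwd", "token", "secret", "authorization"}

# Matches key=value or "key": "value" forms inside free-text messages, e.g. a raw
# query string that a request logger dumps verbatim.
_KV_PATTERN = re.compile(
    r"(?i)\b(" + "|".join(sorted(SENSITIVE_KEYS)) + r")\b"
    r"(['\"]?\s*[:=]\s*['\"]?)"
    r"([^&'\"\s,}]+)"
)


def redact(obj: Any) -> Any:
    """Return a copy of obj with secret values replaced by '***'.
    Dicts are walked recursively; strings are scanned for key/value pairs."""
    if isinstance(obj, dict):
        return {
            k: ("***" if str(k).lower() in SENSITIVE_KEYS else redact(v))
            for k, v in obj.items()
        }
    if isinstance(obj, (list, tuple)):
        return type(obj)(redact(v) for v in obj)
    if isinstance(obj, str):
        return _KV_PATTERN.sub(lambda m: m.group(1) + m.group(2) + "***", obj)
    return obj


class RedactingFilter(logging.Filter):
    """Rewrite msg and args in place so no handler ever sees the secret.
    Logger filters run before formatting, so %-style args are covered too."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.msg)
        if isinstance(record.args, dict):      # logging stores a lone mapping arg as-is
            record.args = redact(record.args)
        elif record.args:
            record.args = tuple(redact(a) for a in record.args)
        return True


def make_logger(name: str, redacting: bool) -> Tuple[logging.Logger, io.StringIO]:
    """Isolated logger writing to a StringIO so the output can be inspected."""
    buf = io.StringIO()
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    if redacting:
        logger.addFilter(RedactingFilter())
    return logger, buf


def demo_login_log(redacting: bool) -> str:
    """Simulate the two common leak paths and return what reached the log."""
    # Constructed request body, as a framework would hand it to a login view.
    payload = {"username": "alice", "password": "hunter2", "remember": True}
    logger, buf = make_logger("login-demo-" + str(redacting), redacting)
    logger.debug("login attempt: %s", payload)                          # whole body dumped
    logger.info("POST /login username=alice&password=hunter2 -> 200")   # raw query string
    return buf.getvalue()


if __name__ == "__main__":
    print("--- without filter ---")
    print(demo_login_log(False), end="")
    print("--- with RedactingFilter ---")
    print(demo_login_log(True), end="")
```

The filter sits on the logger rather than on one handler so every destination (file, syslog, a third-party log shipper) gets the redacted record. It is a safety net, not a substitute for never passing the raw credential to the logger in the first place, and a key-name list will miss secrets under unexpected names, so treat log storage as sensitive regardless.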


It just got worse. As I wrote at Forbes yesterday, FB has now confirmed (albeit very quietly, as an update to a month-old post and on the day the Mueller report was published) that millions of Instagram passwords were stored in plain text as well...

commented: The number of textbooks or assignments with login code that teach this badly... Off to change my Insta+FB passwords. +15

This is a fact not only for Facebook. P.S. I don't know why everybody is talking about privacy, but the second you connect to the internet there is no longer any privacy... Do you remember the movie about an American who escaped to Russia because of all the things he revealed, and that we are under the eye of all governments? Not only the USA, but all... So... Privacy?! That is why personal info should NOT be on the internet; it should not even be on your device. In fact, if you want to store something digital, you should have one device that will never be connected to the internet. Payments only with electronic cards that you can load with a certain amount, so no one can get all of your money, only the amount for online payments... This topic is really endless... So I can say that it's no big deal. Hackers can't be stopped by anyone... If those are killed, new ones will be born and that is it... I mean the government hackers, not the rest.

I cannot agree more. Ultimately it is our responsibility as developers to see that we secure any and all sensitive data that our applications deal with from the moment such data is received.

I think the problem is, as pointed out, that you have been taught that 1 + 1 = 2 and that is that; let's stick to this format no matter how many times we read about the dangers involved in storing passwords, credit card numbers, and personal details in plain text, or even in old faithful MD5. I suppose once we see the MD5 scramble we think that no one will make head or tail of this and we are safe. You are so wrong!

I will see if I can spare a bit of time to post a full-on solution to app security, something I worked on based on many a post around this subject. Fact of the matter is, however, that no matter what we do, if a hacker wants in, they will get in. It is totally up to us to make it as difficult as possible for them to sniff our data.
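To make the "MD5 scramble" point above concrete: an unsalted fast hash is the same for every user who picked the same password, so one precomputed table cracks an entire leaked column at once. The following is an added example written for this thread (not the poster's promised solution, nor Facebook's code) that puts the tutorial pattern next to a salted, iterated KDF with a constant-time check. It uses only the Python standard library (`hashlib.pbkdf2_hmac`, `hmac.compare_digest`, `os.urandom`); the record format `pbkdf2_sha256$iterations$salt$hash`, the iteration count, the function names and the wordlist are assumptions for the demo.

```python
"""Added example for this thread (not any poster's code, nor Facebook's): why an
unsalted MD5 "scramble" is not protection, and how to store a password with a
per-user salt, a slow KDF, and a constant-time verify. Record format,
iteration count and helper names are assumptions for the demo."""
import base64
import hashlib
import hmac
import os
from typing import Iterable, Optional

# --- the pattern taught in too many tutorials: unsalted MD5 -----------------

def md5_store(password: str) -> str:
    """hex(md5(password)). Same password -> same hash for every user, forever."""
    return hashlib.md5(password.encode()).hexdigest()


def md5_crack(stored_hex: str, wordlist: Iterable[str]) -> Optional[str]:
    """Dictionary attack: hash each candidate once and look the leaked value up.
    Without a salt the attacker builds this table once for the whole database."""
    table = {hashlib.md5(w.encode()).hexdigest(): w for w in wordlist}
    return table.get(stored_hex)


# --- the fix: random per-user salt, iterated KDF, constant-time compare ------

PBKDF2_ITERATIONS = 600_000   # assumed work factor; tune so one hash costs ~100 ms
SALT_BYTES = 16


def hash_password(password: str, *, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: pbkdf2_sha256$iterations$salt$hash (base64).
    Storing the parameters lets you raise the work factor later per record."""
    salt = os.urandom(SALT_BYTES)                  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(
        iterations,
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    )


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iterations, then compare in constant
    time so a timing side channel cannot reveal how many bytes matched."""
    try:
        algo, iterations_s, salt_b64, digest_b64 = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        iterations = int(iterations_s)
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
    except (ValueError, TypeError):                # malformed or foreign record
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    # Constructed "leaked" row and a tiny constructed wordlist.
    leaked = md5_store("hunter2")
    print("md5 row:", leaked, "-> cracked:", md5_crack(leaked, ["123456", "hunter2", "qwerty"]))
    rec = hash_password("hunter2")
    print("stored:", rec)
    print("verify right:", verify_password("hunter2", rec), "wrong:", verify_password("hunter3", rec))
```

Two points worth noticing when running it: `hash_password("hunter2")` returns a different record every call because of the salt, so a cracking table built for one user is useless for the next; and `verify_password` rejects malformed or legacy records instead of raising, which is what you want on a login path. If a third-party dependency is acceptable, a memory-hard function such as Argon2id or scrypt is the stronger choice; PBKDF2 is used here only because it ships with the standard library.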
