>>colone+(OP)
I find facebook's effects on privacy and democracy as scary as the next person, but so far their secure coding standards have been extremely high. They're one of the few big names NOT on haveibeenpwned.com, they run their passwords through a KDF and then encrypt the result with a hardware security module, and a whole lot of other good things.
I guess even the best (at secure coding) sometimes mess up.