I think the specific hash algorithm used doesn’t matter much, except that MD5 is quite fast to calculate. A modern hash algorithm would buy some time by being more expensive computationally, but wouldn’t change much otherwise. From how I understand the article, they effectively did a sophisticated dictionary attack on the passwords in the database, not brute force attacks on individual hashes. Probably starting with all the known common passwords and then continuing with some generator based on common password patterns. Otherwise I couldn’t explain how they cracked 48% of the passwords in under 60 seconds and needed the remainder of an hour for just another 12%.
Regardless, that’s no excuse for still using MD5 hashes today. The problem is that a sizeable chunk of IT professionals have no fucking clue what they’re doing. They might have heard that storing passwords as plain text is a bad idea, so they use the first hash algorithm they come across, which happens to be MD5, unsalted of course. Unit tests pass, everyone’s happy, software gets shipped, black hats are happy.
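Added example, not part of the comment above: a Python sketch of the storage difference it describes, with unsalted MD5 next to a per-user salted, deliberately slow hash. The function names, the PBKDF2 iteration count and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def md5_unsalted(password: str) -> str:
    """The weak scheme from the comment: fast, and no per-user salt."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str) -> str:
    """Salted, deliberately slow hash stored as algo$iterations$salt$digest."""
    salt = os.urandom(16)  # unique per stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iterations; compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def shared_hash_count(stored_hashes) -> int:
    """Number of rows whose stored value also appears on another row."""
    counts = Counter(stored_hashes)
    return sum(n for n in counts.values() if n > 1)


# Constructed sample accounts; two users picked the same password.
USERS = {"alice": "Summer2024!", "bob": "Summer2024!", "carol": "x9#Lq-vT2r"}

if __name__ == "__main__":
    weak = [md5_unsalted(p) for p in USERS.values()]
    strong = [hash_password(p) for p in USERS.values()]
    print("unsalted MD5 rows sharing a hash:", shared_hash_count(weak))
    print("salted PBKDF2 rows sharing a hash:", shared_hash_count(strong))
    print("login check:", verify_password("Summer2024!", strong[0]))
```

With unsalted MD5, every account that shares a password shares a stored value, so one guess is checked against the whole table at once; the per-user salt removes that sharing and the iteration count makes each guess expensive.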
Is Meta even active in China or are they blocked by the CCP? If so, you can remove 1.4 billion people from the list of potential users, meaning an even crazier market saturation.