Sorry, if I knock on my shoulder today, but I cleared up a big general error in my training around 2005. At that time, MD-5 encryption was considered secure in web development. People thought that if they just encrypted the password only MD5, that would be safe.
As a mathematician, it was clear to me, of course, that there is more or less a 1:1 relationship between password and MD5 hash, so that you can e.g. simply match the hash of common passwords with a database of passwords in order to decrypt the password. That's a bit high now, but nowadays there are websites where you just enter an MD5 hash and then get the decrypted password.
It would not be conceivable if the hackers had first noticed this connection. So everyone needs to develop their own encryption algorithm to prevent Brut Force attacks. This is the only way to properly take account of the concern about data protection.