If a website salts their hashes, that only helps protect their users if that website is hacked and their password database stolen.
But 306 million passwords have already been exposed by data breaches at other sites. And users have a tendency to reuse passwords across multiple sites. Just because your website wasn't hacked doesn't mean an attacker can't go look up one of your users in someone else's data breach and try the same password on your site.
But 306 million passwords have already been exposed by data breaches at other sites. And users have a tendency to reuse passwords across multiple sites. Just because your website wasn't hacked doesn't mean an attacker can't go look up one of your users in someone else's data breach and try the same password on your site.