You replied to a comment saying "That implies that they store plaintext or something reversible." You posted about hashing in a way that implies that comment is wrong. But that comment is completely correct. Taking three characters and hashing it is easily reversible. And then the attacker gets to log in.

The question is not whether on a technical level something got hashed. The question is whether a hash protects the password against brute forcing. And the answer is no.