
You're confusing run-of-the-mill hash functions used e.g. for hash maps with cryptographic hash functions which have an entirely different purpose and therefore different characteristics (and conversely, using SHA256 to hash your dictionary keys would be totally overkill).

Cryptographic hash functions are one-way in the sense that (unless they are shown to be broken) it is not believed that there is a computationally tractable way of recovering the unhashed input from the hash. You can always brute force it, but even "just" for passwords, the input space is way too big for that, especially if you use a salt - unless you use a very common password, of course (even if limited to 26 letters and 8 characters that's over 200 billion different passwords).

So, most of your comment is just wrong, except for the part about how Wattpad stores passwords, which is just very likely wrong, since I can't prove it.



> (even if limited to 26 letters and 8 characters that's over 200 billion different passwords)

Of course, if you're using a fast cryptographic hash function then someone with a good GPU can throw a surprising amount of brute force at the problem. A Tesla M60, which is five years old, can do about 1.4 billion SHA-256 hashes per second; Amazon will rent you a server with one of these for $0.75/hour, and cracking a single 8-character lowercase alphabetic password should take about 2.5 minutes at most. Half that on average.

(Functions like bcrypt help with this by being designed for slowness, and newer ones like scrypt also try to use large amounts of memory with unpredictable access patterns so they're harder to accelerate with GPU/FPGA/ASIC hardware.)


This is all true, and this is why we have bcrypt etc., but it was just an example for illustration.

In real-life situations, the input space is much larger still (if you account for longer passwords, case sensitivity, special characters etc.), as long as your passwords are truly unguessable. And at some point, even a very fast hashing algorithm won't be able to keep up. I don't know the exact calculations, but I would expect MD5 to still be hard to break for truly strong passwords (say, 20 random characters). The problem is more that people don't actually choose strong passwords most of the time.
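The figures traded above (26^8 candidates at 1.4 billion SHA-256/s, the effect of a salt, and why bcrypt/scrypt change the picture) are easy to put in one small script. The following is an added example, not code from any of the commenters; the only input taken from the thread is the 1.4e9 hashes/s GPU rate, everything else is computed from it, and the scrypt parameters (N=2^14, r=8, p=1) are an assumed interactive-login setting rather than anything the thread specifies:

```python
"""Worked numbers for the thread: fast hash vs. salted, slow KDF.

Constructed example. The 1.4e9 SHA-256/s GPU rate is the figure quoted in
the thread; every other value here is derived from it.
"""
import hashlib
import os
import time

GPU_SHA256_PER_SEC = 1.4e9      # rate quoted in the thread for one Tesla M60
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(alphabet_size: int, length: int) -> int:
    """Distinct passwords of exactly `length` symbols from the alphabet."""
    return alphabet_size ** length


def worst_case_seconds(space: int, hashes_per_sec: float) -> float:
    """Time to enumerate the whole space; the average hit is half of this."""
    return space / hashes_per_sec


def attack_work(space: int, n_users: int, salted: bool) -> int:
    """Hash evaluations needed to crack every user in a leaked table.

    Unsalted: one pass over the space covers all users, because each
    candidate hash can be compared against every stored hash at once.
    A per-user salt forces a separate pass per user, so the work grows
    linearly with the number of accounts attacked.
    """
    return space * n_users if salted else space


def slowdown_factor(password: bytes, rounds: int = 2000) -> float:
    """Measured ratio of one scrypt evaluation to one SHA-256 on this machine.

    scrypt with N=2**14, r=8, p=1 (about 16 MiB per evaluation) is an
    assumed, modest interactive-login setting, not a value from the thread.
    """
    salt = os.urandom(16)
    t0 = time.perf_counter()
    for _ in range(rounds):
        hashlib.sha256(salt + password).digest()
    sha_per_call = max((time.perf_counter() - t0) / rounds, 1e-9)

    t0 = time.perf_counter()
    hashlib.scrypt(password, salt=salt, n=2**14, r=8, p=1, dklen=32)
    scrypt_per_call = time.perf_counter() - t0
    return scrypt_per_call / sha_per_call


if __name__ == "__main__":
    lower8 = keyspace(26, 8)
    print(f"26^8 = {lower8:,} candidate passwords")
    print(f"worst case at 1.4e9 SHA-256/s: "
          f"{worst_case_seconds(lower8, GPU_SHA256_PER_SEC) / 60:.2f} minutes")
    strong = keyspace(62, 20)   # 20 random chars from [a-zA-Z0-9]
    years = worst_case_seconds(strong, GPU_SHA256_PER_SEC) / SECONDS_PER_YEAR
    print(f"62^20 at the same rate: {years:.2e} years")
    print("work to crack 10,000 users, unsalted vs salted:",
          f"{attack_work(lower8, 10_000, False):,}",
          f"{attack_work(lower8, 10_000, True):,}")
    print(f"scrypt costs about {slowdown_factor(b'hunter2'):.0f}x one SHA-256 here")
```

The 26^8 case comes out at roughly 2.5 minutes worst case, matching the estimate above, while 20 random alphanumerics at the same rate land in the 10^19-year range; the salt function makes the per-user multiplier explicit, and the last line shows locally how many orders of magnitude a memory-hard KDF adds per guess, which is the lever that matters when users pick weak passwords.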



