As others point out, secure services will keep only the encrypted passwords in the database in case of breaches.
Occasionally you will come across a site (usually older) that doesn’t have this but it isn’t the norm.
Most sites however probably do have ways of accessing user accounts if an occasion to do so presents itself. What keeps the admin from doing this is integrity. There are probably some legal implications as well.
