MetaMask hasn't been hacked in any significant way. It employs HD backup settings and has a large development community that keeps its open-source code up to date. However, because the wallet is online, it is more vulnerable than hardware wallets and other cold storage methods. Phishing attacks are the most common threat to the MetaMask Wallet. It stores it on the internet, but MetaMask never has access to it but it's possible a skilled hacker could find the encrypted file on your side.
Create a New Wallet in MetaMask
Create a secure password.
Make your password unique, do not reuse an old password.
Consider using a passphrase instead, a sequence of 4 or more random words.
Consider using a password generator and manager, like Bitwarden.