An attacker who eavesdrops on a Mxit session can capture the user's hashed password and this hashed password can be re-used to login as that user. According to upstream, this is a fundamental problem with the Mxit protocol and cannot be fixed. External Reference: https://www.pidgin.im/news/security/?id=95 http://www.talosintelligence.com/reports/TALOS-2016-0122/