PM's are hashed within the database so there's an extra layer of protection but technically you could find a way. The attacks I'm talking about aren't interested in PM's and that sort of sensitive information. They're interested in generating username, pw, email tables to gain access to other things more valuable. XenForo is very safe but what I meant was we can't compare to WhatsApp, they literally have billions of users and absurd money is invested in safety.So PMs on the forum have security issues too?