Two years and a couple of months ago Prosody’s hashed backend has been activated. Users that have logged in since automatically started using the security improvements it brought (hashed passwords on the server).
Users that haven’t logged in since still have their (old, unhashed) password file on the server and likely don’t use the service anymore. While I usually don’t see a reason to remove accounts at server level (users have the ability to delete their accounts themselves), I see one in this case as it removes the possibility for someone who gained unauthorized access to the server to gain possession of those unprotected password files.
If you haven’t logged in for more than two years and would like to keep your account, simply log in during the next ~30 days. Thank you.