WordPress automatically creates a page for each author. There is a slight security risk with the URLs generated from WordPress for these author archive pages. The URL of the author archive page on a WordPress site is e.g.
john is a URL-friendly version of the username. This username is needed to login into WordPress. In other words the login names from all your users are publicly visible.
To avoid this risk the smart User Slug Hider Plugin changes all author page URLs from e.g.
www.example.com/author/john to a 16 digits coded strings like
www.example.com/author/e9e716def73f76ac. The codes are generated automatically and its impossible to make conclusions about the user names. The WordPress default URLs will cause a 404 (not found) error.