I wish the email they sent out had contained a little more technical information as to exactly what had been (possibly) compromised. Depending on how their site is designed, "Joe Public" could either be at great risk, some risk, or little risk.
Let me explain.
When you register an account on somewhere such as a forum, the username and password you pick have to be stored somewhere so that they can be checked against at a later point (when you come to log in!). Usually the details are stored in a database as these are fast and easy to use; however, the way they are stored can vary:
1. Plain text. The worst possible scenario (from a security point-of-view) - anyone who can access the database literally can read the information straight out of the users table.
2. Hashed. The username is "hashed" before being stored in the database, usually with an algorithm such as MD5. This means that all there is in the database for password is an alphanumeric string. MD5 is not feasibly reversible, however with determination, hashes can be reasonably easily returned to plain text with the use of a "rainbow table" of known or computed hashes.
3. Salted hash. Same as above, but with the inclusion of a secret "key" which the hash is cyphered against. Provided the salt is large enough, a rainbow-tables attack is not feasible.
I am hoping Bauer's web designers are security-conscious enough to go for salted hashes (or better!), but some reassurance of this from them would not go amiss. Just in case anyone is wondering, secure website hosting is part of my job description.
IT11
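
The difference between schemes 2 and 3 in the post above, as an added Python example that is not part of the original post. The sample accounts and lookup table are constructed, and the per-user random salt stored beside the digest, PBKDF2-HMAC-SHA256 and the round count are this example's assumptions, not anything the post or the site specifies.

```python
import hashlib
import hmac
import os

ROUNDS = 200_000  # assumed work factor, chosen for this example


def md5_unsalted(password):
    """Scheme 2 in the post: bare MD5 of the password."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_salted(password, salt=None):
    """Scheme 3 (assumed form): random per-user salt plus PBKDF2."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return salt, digest


def verify_salted(password, salt, stored):
    """Recompute with the stored salt; compare in constant time."""
    return hmac.compare_digest(hash_salted(password, salt)[1], stored)


def shared_digests(stored):
    """Groups of accounts whose stored digests are identical."""
    groups = {}
    for user, digest in stored.items():
        groups.setdefault(digest, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def precomputed_hits(stored, table):
    """Accounts whose digest appears in a digest -> password table."""
    return {u: table[d] for u, d in stored.items() if d in table}


# Constructed sample data: two users chose the same password.
USERS = {"alice": "sunshine1", "bob": "tr0ub4dor&3", "carol": "sunshine1"}
TABLE = {md5_unsalted(p): p for p in ("password", "sunshine1", "letmein")}

UNSALTED = {u: md5_unsalted(p) for u, p in USERS.items()}
SALTED = {u: hash_salted(p) for u, p in USERS.items()}

if __name__ == "__main__":
    print("unsalted, shared digests:", shared_digests(UNSALTED))
    print("unsalted, table hits:   ", precomputed_hits(UNSALTED, TABLE))
    print("salted, shared digests: ", shared_digests({u: d for u, (_, d) in SALTED.items()}))
    print("alice logs in:", verify_salted("sunshine1", *SALTED["alice"]))
```

With bare MD5, the two accounts that share a password store the same digest and both appear in the precomputed table; with a random salt per account the stored digests differ, so no single table covers them.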