|February 5, 2013
The list was initially posted to the website for the Alabama Criminal Justice Information Center (ACJIC), then apparently taken down by that site's operators. The ACJIC did not respond to a request for comment about the incident.
However, the list was also posted elsewhere online, and remains available through Google's web cache. It contains contact information on people with a range of job titles, from cashier to C-level officers to bank presidents. Phone calls placed to several of the people on the list indicates that the tally is current and accurate.
The list also contains logins, hashed passwords and their "salts" -- random characters added to a hashed password to make it more difficult to crack.
"That means they had to have very deep access to get those combinations," Cameron Camp, a senior researcher with Eset, said in an interview.
What's concerning is that the list involves people at many types of financial institutions, Camp said. "How were they able to get logins and passwords and salts for that many bankers?" he said. "That's kind of scary."