this is the only way to fight incompetence of some websites. those passwords are (most likely) unsalted vanilla MD5 hashes. just entered a few of them into google from that file and yes, many of them are present in rainbow tables. damn. makes me angry as a programmer how financial website can be this unsecure and easy to compromise.
you can recognize salted hashes from unsalted ones just by looking at them? open the file and search for 5f4dcc3b5aa765d61d8327deb882cf99, at least 1,600 passwords in that list are unsalted. (those without $1$)
Cause, I don't think they broke any rules. Are they even required to keep those details secret? It's pretty clear marketing agencies can buy that data, so i don't think it's any sort of violation of privacy policy.
I find it funny that people are outraged about unsalted MD5 yet they use passwords like "secret123" that are found in every wordlist.
Guess what: Even salted hashes won't save your ass with such weak passwords. And yes: it's a FUCKING TRADING PLATFORM you want to put money on so _you_ should think of a secure password.
And what makes you think that the same people who are complaining about unsalted MD5 are also the same people who use passwords as weak as 'secret123'?