Users need to be careful about opening links in emails even if they appear to be for legitimate domains, Holden said.
FTP applications can also be used to update files on a Web server, meaning hackers could potentially use the credentials to make changes to a company's website. It's hard to say how many of the FTP sites on the list are connected to Web servers, he said.
Several other companies whose FTP domains appear on the list could not be reached for comment.
Sign up for Computerworld eNewsletters.