Guess what? Landlords now demanding their tenants' logins to their payroll systems. (Alternate link here)
Whey want you to log in through an app called Argyle, which scrapes an enormous amount of data from your employer/payroll website.
I'm feeling charitable today, so I'll just suggest that landlords and executives at ApproveShield be arrested tried and jailed, and not, as Mao Zedong did, that the legal niceties be ignored and a bullet be put in their head.
Landlords are using a service that logs into a potential renter’s employer systems and scrapes their paystubs and other information en masse, potentially in violation of U.S. hacking laws, according to screenshots of the tool shared with 404 Media.
The screenshots highlight the intrusive methods some landlords use when screening potential tenants, taking information they may not need, or legally be entitled to, to assess a renter.
“This is a statewide consumer-finance abuse that forces renters to surrender payroll and bank logins or face homelessness,” one renter who was forced to use the tool and who saw it taking more data than was necessary for their apartment application told 404 Media. 404 Media granted the person anonymity to protect them from retaliation from their landlord or the services used.
………
The person said earlier this year they were verifying their income in order to start a lease at an apartment complex in Atlanta. The apartment complex used a tenant screening service called ApproveShield, the person said. The landlord required 60 days of pay history, or four pay stubs, the person said.
ApproveShield is in-part powered by a tool called Argyle, which verifies peoples’ income. It does this by having people log into their corporate employer HR services, such as Workday, and scraping information stored within. I’ve covered Argyle before, when I found it was linked to a wave of suspicious emails that offered people cash for their workplace login credentials.
The renter said ApproveShield’s Argyle-powered widget asked them to log into their employer’s Workday. That's when they noticed something unusual.
“Argyle hijacked my live Workday session, stayed hidden from view, and downloaded every pay stub plus all W-4s back to 2024, each PDF seconds apart,” they said. “Workday audit logs show dozens of ‘Print’ events from two IPs from a MAC which I do not use,” they added, referring to a MAC address, a unique identifier assigned to each device on a network.
Yeah, this is hacking. Even if the accesses were approved by the renter, they would violate the terms of of service of literally every payroll system out there.
I know that jails are overcrowded, but we can let out some shoplifters and drug addicts to lock these people up forever.'
Or we can take off and nuke the site from orbit. It's the only way to be sure.
0 comments :
Post a Comment