by dzdt 1870 days ago
So this sounds like Plaid wanted to learn how to interface with the client-facing web interface of these payroll systems. So it paid people who have their own payroll on the system for access to that individual's login to study the user interface in order to develop a system that can interoperate with it. This sounds... not so bad?

I think the biggest issue is that they were paying employees for login credentials to sensitive systems. Imagine you’re an IT manager and you find out that an employee is giving the company’s* usernames and passwords - to a 3rd party at their own discretion. I think this is a HUGE deal. Unless the employees had explicit permission from the employer (the article strongly insinuates they did not), I don’t see how this is anything besides a giant mess.

*if you log into a company system, with a company provided username and password, those credentials belong to the company

I got the impression it was the employee side of the app. As in me logging into ADP so they can figure out how to scrape ADP.

Yes, but I'm sure most employment contracts say something to the effect of "you will not grant unauthorized access to company property or systems."

And the fact that the employee was paid shows that the interest was in the employee's favor, not the business's. (conflict of interest)

It's the same as if a salesperson said "I'll give you $500 to help me get into your office building, and navigate me to the payroll department's desk. I just wanna understand the layout for a meeting I want to have in a few weeks."

They say their lawyers approved it, so I assume they verified they were getting credentials from higher-ups who had the authorization and not just rank-and-file employees.

>Plaid told Motherboard 12 people participated in the test and that it was vetted by the company's legal counsel. Plaid added that participants' login credentials have since been deleted and that the test was only open to friends and family of existing Plaid employees.

This sentence is loosely worded. Plaid's lawyers may have approved it, but did the lawyers of the company systems that were accessed approve it?

I cannot imagine the companies I've worked for allowing a non-partner 3rd party to pay me, an individual, for access to company systems, let alone approving it even if I wasn't getting paid...

Additionally, as a Senior Manager in my org, I could not accept a payment like this as it's a conflict of interest. It's even more egregious if Plaid "got approval from a higher-up for $500".