Landlords are using a service that logs into a potential renter’s employer systems and scrapes their paystubs and other information en masse, potentially in violation of U.S. hacking laws, according to screenshots of the tool shared with 404 Media.

The screenshots highlight the intrusive methods some landlords use when screening potential tenants, taking information they may not need, or legally be entitled to, to assess a renter.

“This is a statewide consumer-finance abuse that forces renters to surrender payroll and bank logins or face homelessness,” one renter who was forced to use the tool and who saw it taking more data than was necessary for their apartment application told 404 Media. 404 Media granted the person anonymity to protect them from retaliation from their landlord or the services used.

“I am livid,” they added.

💡Do you know anything else about any of these companies or the technology landlords are using? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.

The person said earlier this year they were verifying their income in order to start a lease at an apartment complex in Atlanta. The apartment complex used a tenant screening service called ApproveShield, the person said. The landlord required 60 days of pay history, or four pay stubs, the person said.

ApproveShield is in-part powered by a tool called Argyle, which verifies peoples’ income. It does this by having people log into their corporate employer HR services, such as Workday, and scraping information stored within. I’ve covered Argyle before, when I found it was linked to a wave of suspicious emails that offered people cash for their workplace login credentials.

The renter said ApproveShield’s Argyle-powered widget asked them to log into their employer’s Workday. That’s when they noticed something unusual.

“Argyle hijacked my live Workday session, stayed hidden from view, and downloaded every pay stub plus all W-4s back to 2024, each PDF seconds apart,” they said. “Workday audit logs show dozens of ‘Print’ events from two IPs from a MAC which I do not use,” they added, referring to a MAC address, a unique identifier assigned to each device on a network.

“ApproveShield knew the 60-day limit yet mined everything,” they added.

The person provided 404 Media with a screenshot which shows them receiving a wave of emails from Workday saying the PDF of their paystub is now available for download. The screenshot shows 14 emails concerning payslips, many more than the four the service was supposed to download.

As I previously covered, Argyle’s approach of having individual people give up login credentials for their employer’s corporate environments may violate U.S. hacking laws. Broadly, employees do not have the authority to share corporate login credentials. In 2013, journalist Matthew Keys was indicted, and later sentenced to two years in prison, for providing hackers with his credentials for the Tribune Company. Christopher Correa, a former executive for the Cardinals, was sentenced to four years in prison for logging into a system owned by his former employer.

The renter 404 Media spoke to said the same “credential-harvesting model now dominates Georgia rentals.” They pointed to other companies such as PayScore, Nova Credit (whose leadership includes an Argyle co-founder), and Snappt which also uses Argyle.

Realistically, if a potential tenant doesn’t give up their login credentials, they won’t be able to rent the apartment. “Opt-out means no housing,” the person said.

Neither ApproveShield nor Argyle responded to a request for comment.

From 404 Media via this RSS feed