Gig Workers Being Paid $500 for Payroll Passwords

credential stuffing cyberattack

Argyle is paying workers to help hack payroll providers, researchers suspect.

Fintech startup Argyle, a financial-services platform aimed at gig workers, is working to replace credit scores assigned by bureaus like Equifax. But closer security analysis hints that Argyle could be just the latest incarnation of an ongoing data-collection campaign, paying people to give up their payroll login credentials on a massive scale, researchers said.

Argyle is marketed as a way for the growing numbers of gig workers (such as those that drive for companies like Uber, DoorDash or Instacart) to consolidate income data across several employers so they can more easily apply for credit. Argyle compiles data on those workers and provides an application program interface (API) to lenders that allows them to assess the creditworthiness of freelance workers.

“Our data shows that consistent work is a better indicator of someone’s ability to repay than their credit score,” the company site explains. “Argyle enables more workers with varied backgrounds to demonstrate this reliability to pay back obligations.”

So Argyle wants to workers to provide it access to their payroll platforms.

“In practical terms, that means that consumers’ access to financial security and upward mobility is dependent on their access to and control over their own employment records and how easily they can share those records with financial institutions,” the company added.

Argyle Has Access to 500K Payroll Platforms

For Argyle to sell its API to lenders, it had to collect enough employment records on enough people to make it useful on a wide scale.

To build out its platform, Argyle offers $500 for employees willing to provide their payroll information and a recurring $25 payment each month those credentials remain valid. The Argyle platform has been linked to several similar campaigns offering payouts for payroll credentials, according to KrebsOnSecurity.

Cash payouts have been an effective strategy. According to Argyle, the company’s platform currently has access to more than 500,000 companies, including 26 percent of the Fortune 500 and more than 90 million employment records. The list of companies Argyle is accessing on a recurring basis includes Amazon, Starbucks, Walmart and even government agencies like the Department of Health and Human Services.

Argyle said that it has added hundreds of thousands of users who have successfully provided it with access to their employment accounts and payroll system, and that its log-in success rate runs an average of 70-75 percent.

Screen-Scraping Software API?

Steve Friedl, an IT consultant, told KrebsOnSecurity that he thinks Argyle isn’t actually selling financial services — rather, it’s trying to refine a data-scraping tool.

“They are not paying this money just to be able to sell people services, they are doing so to maintain their screen-scraping software API,” Friedl said. “This is essentially paying employees to help Argyle hack their payroll provider.”

Argyle did not respond to Threatpost’s request for comment.

Another concern is that companies sitting on enormous troves of personal data like Equifax and Experian have suffered various breaches. It is unclear how Argyle intends to keep customer data protected.

Argyle might be forced to answer questions about its growing access to America’s biggest payroll platforms very soon.

KrebsOnSecurity contacted several sources at companies whose payroll credentials have been provided to Argyle, and although they wanted to remain anonymous, they communicated they were “horrified” and that their legal departments were investigating.

Download our exclusive FREE Threatpost Insider eBook, 2021: The Evolution of Ransomware,” to help hone your cyber-defense strategies against this growing scourge. We go beyond the status quo to uncover what’s next for ransomware and the related emerging risks. Get the whole story and DOWNLOAD the eBook now – on us!

Suggested articles