On their website, go to the sign in screen and click “Need help signing in”. Go through the prompts and watch the person’s username, and the legal name of all their employers (who have ever used ADP) appear on the screen.
Note: Whether or not you select “my current employer uses ADP”, it will still show you the full list of both current and previous employers (who use ADP).
From there, it is remarkably easy to gain access to paycheck information if you are a grocer, a landlord, a retailer, or anyone of the 2737429193 entities who may have a little extra data on them.
Edit: To address some of the comments, I feel I need to clear something up. I’m not saying this is some authoritarian configuration error ADP messed up on. It’s a standard login that works conveniently for ADP and also happens to be negligent in privacy protection. And it’s most likely completely legal for most people in the U.S.
I saw the need help signing in option. But after entering name and phone number, I had to enter last 4 of SSN, which I think is harder to find out
Additionally, afterwards I got an email that my user ID was requested
Same at immediately asked me for my social security number. So you would need to know my first name last name my phone number or email and my social security. I’m not sure what else they could do to protect it outside of two factor