Malicious actors can use our API calls to pull credentials based on its current structure (first name + last name + six digits) and grab credentials accredited to users with the same name. They can then share this credential on LinkedIn / use it on their CVs.