Technically, Plaid doesn't have access in a sanctioned way. You pretty much guaranteed violate any electronic banking ToS by sharing credentials with a third party.
Only if Plaid weren't a company that has contracts in place with every single bank they offer to access their services without being sued (despite the fact that the antique tech stacks these banks have don't allow Plaid to use oauth in most cases).
