Katapult.com
| Primary URL | Location | Industry | katapult[.]com |
Country
United States of America
|
Financial Services
|
|---|
Profile
Katapult.com operates under the alias Katapult.com and is headquartered in the United States of America. The organization functions as a commercial entity accessible via its domain name. Specific details about its core products, services, or market focus are not disclosed in the available sources. Consequently, any description of its business scope remains unspecified.
On October 28, 2020, a threat actor advertised stolen user databases from seventeen companies, including Katapult.com, on a hacker forum. The advertised collection aggregated approximately thirty‑four million records and was offered by a broker rather than the original attacker. The dataset associated with Katapult.com contained email addresses and passwords that were protected using PBKDF2‑SHA256 hashing. No personal identifiers such as names, phone numbers, or financial details were reported as part of Katapult's exposed data. The seller claimed to have obtained the databases from disparate breaches and was attempting to monetize them through private sales prior to any potential public release. At the time of the report, Katapult.com had not publicly confirmed the compromise, while only one of the other impacted organizations had acknowledged the incident. The incident highlights the risk of credential aggregation and resale in underground markets. This event remains a notable security event in the organization's known history.
