In response to the ongoing incident, JumpCloud has reset the management application programming interface (API) keys for affected customers.
In a notice sent to affected customers and verified by Information security, JumpCloud emphasized the preventive nature of this action and its purpose to protect sensitive information.
“Out of an abundance of caution in connection with the ongoing incident, JumpCloud has disabled existing API keys. We have done this to protect your organization and operations,” the company wrote.
To assist its customers in the process, JumpCloud provided a guide to resetting API keys, along with a guided simulation. The company urged affected customers to promptly follow the instructions provided.
Notably, once an admin’s API key is revoked, the API keys associated with that admin will no longer work. This affects various features such as AD import, HRIS integration, JumpCloud PowerShell module, Jumpcloud-Slack-App, etc.
Also affected are the Directory Insights serverless app, ADMU, 3rd party MDM zero-touch packages, command triggers, Okta SCIM integration, Azure AD SCIM integration, and integrations built for creating or updating users and devices with 3rd party tools such as Workato, Aquera and Tray.io, as well as automation and custom applications.
JumpCloud also acknowledged the potential disruption caused by this action, but assured that it was done in the best interests of its customers.
“We apologize for the confusion this has caused you and your organization, but this action was taken on your behalf as the smartest move,” JumpCloud said.
Additionally, the company promised to keep affected customers informed about the incident and to provide additional updates via email. It has also extended its support to customers who need help resetting or recreating API keys.
Affected customers are encouraged to take immediate action to reset their API keys and ensure the security of their systems.
Information security reached out to JumpCloud for comment, but the company had not responded at the time of publication.
JumpCloud’s advisory comes days after the United States Patent and Trademark Office (USPTO) disclosed a data security incident related to flaws in the Trademark Status and Document Examination System (TSDR) API.