In response to an ongoing incident, JumpCloud has reset the admin Application Programming Interface (API) keys for affected customers.
In a notice sent to impacted customers and verified by Infosecurity, JumpCloud emphasized the precautionary nature of the action and its purpose of safeguarding sensitive information.
“Out of an abundance of caution relating to an ongoing incident, JumpCloud has invalidated your existing API keys. We have done this to protect your organization and operations,” the company wrote.
To assist customers in the process, JumpCloud provided a guide to reset the API keys and offered a guided simulation for further assistance. The company urged affected customers to follow the provided instructions promptly.
Noticeably, once an Admin’s API Key is invalidated, that API key associated with that Admin will no longer work. This will impact various functionalities, including AD Import, HRIS integrations, JumpCloud Powershell Module and Jumpcloud-Slack-App.
It will also affect the Directory Insights Serverless App, ADMU, 3rd party MDM Zero-touch packages, Command Triggers, Okta SCIM integration, Azure AD SCIM integration and integrations built to create/update users and/or devices using 3rd party tools like Workato, Aquera, Tray.io, as well as automation and custom applications, among others.
Read more on API security: Why API Security Could Be the Next Big Thing in Cyber
JumpCloud also acknowledged the potential disruption caused by the action but assured customers that it was taken in their best interest.
“We apologize for any disruption this causes you and your organization, but the action was taken on your behalf as the most prudent course of action,” JumpCloud said.
Additionally, the company pledged to keep affected customers informed about the incident, promising to provide additional updates via email. It also extended its support to customers who require assistance in resetting or recreating their API keys.
Affected customers are advised to take immediate action and reset their API keys to ensure the security of their systems.
Infosecurity has reached out to JumpCloud for comment, but the company they did not provide an immediate response at the time of publication.
The JumpCloud advisory comes days after the US Patent and Trademark Office (USPTO) disclosed a data security incident related to an API flaw in its Trademark Status and Document Review system (TSDR).