In response to an ongoing incident, JumpCloud has reset the admin Utility Programming Interface (API) keys for affected prospects.
In a notice despatched to impacted prospects and verified by Infosecurity, JumpCloud emphasised the precautionary nature of the motion and its goal of safeguarding delicate data.
“Out of an abundance of warning regarding an ongoing incident, JumpCloud has invalidated your present API keys. We now have achieved this to guard your group and operations,” the corporate wrote.
To help prospects within the course of, JumpCloud offered a information to reset the API keys and supplied a guided simulation for additional help. The corporate urged affected prospects to observe the offered directions promptly.
Noticeably, as soon as an Admin’s API Secret is invalidated, that API key related to that Admin will not work. It will affect numerous functionalities, together with AD Import, HRIS integrations, JumpCloud Powershell Module and Jumpcloud-Slack-App.
It can additionally have an effect on the Listing Insights Serverless App, ADMU, third get together MDM Zero-touch packages, Command Triggers, Okta SCIM integration, Azure AD SCIM integration and integrations constructed to create/replace customers and/or gadgets utilizing third get together instruments like Workato, Aquera, Tray.io, in addition to automation and customized purposes, amongst others.
Learn extra on API safety: Why API Safety Might Be the Subsequent Large Factor in Cyber
JumpCloud additionally acknowledged the potential disruption attributable to the motion however assured prospects that it was taken of their greatest curiosity.
“We apologize for any disruption this causes you and your group, however the motion was taken in your behalf as probably the most prudent plan of action,” JumpCloud stated.
Moreover, the corporate pledged to maintain affected prospects knowledgeable in regards to the incident, promising to supply extra updates by way of e-mail. It additionally prolonged its assist to prospects who require help in resetting or recreating their API keys.
Affected prospects are suggested to take speedy motion and reset their API keys to make sure the safety of their techniques.
Infosecurity has reached out to JumpCloud for remark, however the firm they didn’t present an instantaneous response on the time of publication.
The JumpCloud advisory comes days after the US Patent and Trademark Workplace (USPTO) disclosed an information safety incident associated to an API flaw in its Trademark Standing and Doc Overview system (TSDR).
