JumpCloud resets admin API keys amid ‘ongoing incident’ – Source: www.bleepingcomputer.com

JumpCloud, a US-based enterprise software firm is notifying several customers of an “ongoing incident.”

As a caution, the company has invalidated existing admin API keys to protect its customer organizations. Affected organizations will need to generate new keys.

Headquartered in Louisville, Colorado, and launched in 2013, the cloud-based directory-as-a-service platform serves over 180,000 organizations across more than 160 countries.

JumpCloud invalidates API keys

This morning, BleepingComputer received a tip off from an anonymous reader alerting us to a potential security incident at JumpCloud.

The reader in question is among JumpCloud customers who received an email today from the firm stating that existing admin API keys had been invalidated while JumpCloud investigates an “ongoing incident.”

“Out of an abundance of caution relating to an ongoing incident, JumpCloud has invalidated your existing API keys. We have done this to protect your organization and operations.” reads the email notification, aimed at JumpCloud Admins.

“We apologize for any disruption this causes you and your organization, but the action was taken on your behalf as the most prudent course of action.”

The cloud-based security service has asked affected customers, specifically Admins who are “currently using their API key or an integration that relies on a JumpCloud admin API key” to generate a new API key(s) and update integrations with the new API keys.

“Once an Admin’s API Key is invalidated, that API key associated to that Admin will no longer work. This will impact any of the following,” states a security notice.

• AD Import 
• HRIS integrations
• JumpCloud Powershell Module
• Jumpcloud-Slack-App
• Directory Insights Serverless App
• ADMU
• 3rd party MDM Zero-touch packages
• Command Triggers
• Okta SCIM integration
• Azure AD SCIM integration
• Integrations built to create/update users and/or devices using 3rd party tools like Workato, Aquera, Tray,io, etc.
• Automations and custom applications, and any other use cases that involve an Administrators JumpCloud API key. 

Earlier this year, JumpCloud was investigating potential impact to its customers as a result of January’s CircleCI security incident.

BleepingComputer has contacted JumpCloud with questions related to the nature of the incident, its scope, and the overall impact. We are awaiting additional details.