JumpCloud reset API keys following security incident

News
By published

Undisclosed security incident affects all JumpCloud users

A white padlock on a dark digital background.
(Image credit: Shutterstock.com)

JumpCloud has confirmed it reset customer API keys following a “security incident” earlier in July 2023, leaving customers who missed the advisory notice with disrupted services.

In a blog post, company CISO Bob Phan explained: “The security threats that we face, as an industry, are unprecedented and require strong collaboration from all constituents.”

Details of the security incident remain sparse, but Phan disclosed that unauthorized access by a sophisticated nation-state-sponsored threat actor saw a “small and specific” set of cloud storage customers targeted, who were notified prior to the public blog post.

JumpCloud security incident

In response to the attack, JumpCloud says that it has been working with both incident response partners and law enforcement in order to prevent such future attacks, claiming that “the attack vector used by the threat actor has been mitigated.”

Read more

> These are the best cloud backup services

> Cloud remains the biggest target for cyberattacks

> Cyberattacks are rising across the world - here's what you need to know

The API key reset on July 5 followed “unusual activity in the commands framework” on the same day. Phan said that the spear-phishing campaign could be traced back to June 22.

Despite expressing a commitment to providing “ transparent and timely information,” some have expressed their concern over the incident.

Nick Rago, Field CTO at Salt Security, a company whose mission it is to make APIs attack-proof, said that the incident must have been “pretty significant” for JumpCloud to have taken the action it did across its whole customer base.

Rago continued: “there doesn't seem to be much transparency at this time into what the security incident was or how long API keys might have been potentially exposed, or how they are remedying this type of incident from happening again.”

Salt Security’s Field CTO suggests that enterprise users should look to lock down API access to their account from a whitelist of locations in order to limit attack risk.

JumpCloud’s Phan promised that the company would continue to enhance its security measures to prevent future attacks, collaborating with industry partners and governments. 

Craig Hale
Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!