JumpCloud reset API keys following security incident

A white padlock on a dark digital background.
(Image credit: Shutterstock.com)

JumpCloud has confirmed it reset customer API keys following a “security incident” earlier in July 2023, leaving customers who missed the advisory notice with disrupted services.

In a blog post, company CISO Bob Phan explained: “The security threats that we face, as an industry, are unprecedented and require strong collaboration from all constituents.”

Details of the security incident remain sparse, but Phan disclosed that unauthorized access by a sophisticated nation-state-sponsored threat actor saw a “small and specific” set of cloud storage customers targeted, who were notified prior to the public blog post.

JumpCloud security incident

In response to the attack, JumpCloud says that it has been working with both incident response partners and law enforcement in order to prevent such future attacks, claiming that “the attack vector used by the threat actor has been mitigated.”

The API key reset on July 5 followed “unusual activity in the commands framework” on the same day. Phan said that the spear-phishing campaign could be traced back to June 22.

Despite expressing a commitment to providing “ transparent and timely information,” some have expressed their concern over the incident.

Nick Rago, Field CTO at Salt Security, a company whose mission it is to make APIs attack-proof, said that the incident must have been “pretty significant” for JumpCloud to have taken the action it did across its whole customer base.

Rago continued: “there doesn't seem to be much transparency at this time into what the security incident was or how long API keys might have been potentially exposed, or how they are remedying this type of incident from happening again.”

Salt Security’s Field CTO suggests that enterprise users should look to lock down API access to their account from a whitelist of locations in order to limit attack risk.

JumpCloud’s Phan promised that the company would continue to enhance its security measures to prevent future attacks, collaborating with industry partners and governments. 

Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

Read more
An abstract image of padlocks overlaying a digital background.
BeyondTrust says hackers hit its remote support products
Representational image depecting cybersecurity protection
Top venture capital firm Insight Partners confirms it was hit by cyberattack
Avast cybersecurity
Zapier tells customers their data may have been accessed
A graphic showing someone on a tablet working through a supply chain.
Security issue in open source software leaves businesses concerned for systems
vpn
Nominet says it was hit by cyberattack following recent Ivanti VPN security issue
Illustration of a hooked email hovering over a mobile phone
AWS misconfigurations reportedly used to launch phishing attacks
Latest in Pro
Google DeepMind panel discussion
“More sovereignty and protection” - Google goes all-in on UK AI with data residency, upskilling projects, and startup investments
A graphic showing someone on a tablet working through a supply chain.
Security issue in open source software leaves businesses concerned for systems
European Union technical background
EU tech companies push for digital sovereignty, reducing reliance on US and others
ransomware avast
One of the most powerful ransomware hacks around has been cracked using some serious GPU power
person at a computer
Infamous ransomware hackers reveal new tool to brute-force VPNs
3D version of the Adobe logo
Adobe Summit 2025 - all the news and updates as it happens
Latest in News
Pebble smartwatch countdown
Pebble confirms its smartwatch announcement is just hours away
Logo of YouTube Shorts
Is YouTube auto-playing Shorts when you open the app? Well, you’re not alone - here’s how to fix it
Google DeepMind panel discussion
“More sovereignty and protection” - Google goes all-in on UK AI with data residency, upskilling projects, and startup investments
Nintendo Switch 2
Nintendo Switch 2 expected to have AI upscaling and I can't wait to finally play Tears of the Kingdom with upgraded graphics
PowerColor Red Devil AMD RX 9070 XT graphics card shown side-on
Your next GPU could be from AMD, not Nvidia, if Team Red’s success with PC gamers continues
Intel Lunar Lake concept
Intel's Panther Lake processors won't arrive until Q1 2026 - corroborates previous delay rumors despite former Intel CEO's promise of 2025 launch