JumpCloud has told customers it reset their API keys to protect their organizations from an apparent security incident.
The directory, identity, and access management giant said in an email to customers that it was experiencing an “ongoing incident” but did not provide specifics. In a support post on its site, the company said the resets were “out of an abundance of caution.”
The Louisville, Colorado-based technology provides cloud file directory and device security, such as single sign-on and multi-factor authentication, for corporations and organizations. JumpCloud says it provides its technology to more than 180,000 organizations, with more than 5,000 paying customers.
It’s not uncommon for companies to offer API keys that allow customers to integrate that technology into their own tech stack and different systems to talk to each other. Given that API keys are treated like passwords or other secrets, rotating or invalidating customer API keys is not likely to be taken lightly, given the downstream impact on customers whose integrations with other services would break and cause disruption.
It’s not clear what ongoing incident JumpCloud is responding to, and a spokesperson for JumpCloud did not return a request for comment.
JumpCloud last raised $159 million at Series F in 2021, valuing the company at more than $2.5 billion.
If you know more about the JumpCloud incident or work at the company, get in touch with the security desk on Signal and WhatsApp at +1 646-755-8849 or zack.whittaker@techcrunch.com by email.
JumpCloud resets customer API keys citing ‘ongoing incident’ by Zack Whittaker originally published on TechCrunch
https://techcrunch.com/2023/07/10/jumpcloud-api-keys-ongoing-incident/