Data Breaches

JumpCloud Says All API Keys Invalidated to Protect Customers

JumpCloud is responding to an incident that has triggered a reset of all API keys in order to protect customers and their operations.

JumpCloud is responding to an incident that has triggered a reset of all API keys in order to protect customers and their operations.

Device, identity and access management solutions provider JumpCloud has reset customer API keys in response to an “ongoing incident”.

JumpCloud has yet to share any information, but notifications sent to customers suggest that it’s dealing with a security incident. The company said existing API keys have been invalidated to protect the customer’s “organization and operations”.

“We apologize for any disruption this causes you and your organization,” the company told users, “but the action was taken on your behalf as the most prudent course of action.” 

While JumpCloud’s status pages make no mention of the incident, the company has published a support page informing admins that all API keys have been invalidated, impacting several features and integrations. The page provides instructions for generating new API keys.

“Out of an abundance of caution relating to an ongoing incident, JumpCloud has decided to invalidate all API Keys for JumpCloud Admins,” reads a message on that support page.

SecurityWeek has reached out to JumpCloud for more information and will update this article if the company responds. 

Advertisement. Scroll to continue reading.

Related: JumpCloud Raises $159 Million at $2.56 Billion Valuation

Related: Thousands of Secret Keys Found in Leaked Samsung Source Code

Related: Leaked Algolia API Keys Exposed Data of Millions of Users

Related: Credential Leakage Fueling Rise in API Breaches

Related Content

Artificial Intelligence

Dozens of such keys can be extracted from apps’ decompiled code to gain access to all Gemini endpoints.

Network Security

Akamai warns that Layer 7 DDoS, API abuse and AI-powered attacks are merging into coordinated, multi-vector campaigns that are harder to detect and defend...

Application Security

New research shows attackers increasingly abusing APIs at machine speed as AI-driven systems widen exposure and amplify impact.

Application Security

API cybersecurity will be a ping pong ball, battered between the rackets of AI-assisted attackers and AI-assisted defenders.

Vulnerabilities

The issue allows attackers to write arbitrary data to any file, or delete arbitrary files to obtain System privileges.

Cybersecurity Funding

The Italian startup will use the investment to build proprietary AI models, accelerate global expansion, and hire new talent.

Artificial Intelligence

An attacker can inject indirect prompts to trick the model into harvesting user data and sending it to the attacker’s account.

Application Security

Lemonade says the incident is not material and that its operations were not compromised, nor was its customer data targeted.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version