Embedded software security firm Sonarsource has found hardcoded Facebook API keys in the binary code of US network security firm GlassWire’s Windows app.
The findings mean that any user of the app would be able to access the keys and potentially take control of GlassWire’s Facebook presence, change app settings or generate access tokens.
GlassWire has since updated the app, resetting the API keys and advising users to update to the latest version.
It also offered a reward of $1,000 for the report by Sonarsource, which highlighted the issue on bug- bounty platform HackerOne.
This is the second time this year that GlassWire has apologised for inadvertently exposing sensitive data.
In June, the company was remanded over a data leak that exposed billions of records.