Logged out of Facebook on all devices on a sudden. Should I be worried about being hacked?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;







up vote
1
down vote

favorite












A while ago, I was opening Facebook app on Android and then I got the message "Session expired. Please log in again.". I then tried logging in with my current password and was success to log in my account. Before, long time ago, when I created this account, I'd set up two-factor authentication for my account and when I checked after I did the log in, it was still active.



After that, I opened my laptop and Chrome then went to Facebook, just to find out that the session on PC was also logged out. After I logged back in, I went to security under settings and checked the section "When you're logged in" and I saw that all of the past logged in entries are gone. The only entries I got were those log in on my phone and my laptop (also appeared to be my trusted devices).



I was thinking of someone had tried (and succeeded?) to access my account, then logged out of all current sessions. However, I did not get any suspicious prompt on my phone to authenticate an unusual log in (Like "Did you just logged in near location xxxxx?"), also no warning email from my registered email telling me about my account being accessed on an unrecognized browser or computer.



Tl;dr: Facebook account suddenly got logged out of all devices, password was not changed, logged in entries are gone, no email warning about account being compromised, no two-factor authentication prompt showed up.



My questions are:



  • Are there any chances that someone was successfully able to get into my account? If yes, then how could they bypass the two-factor authentication?


  • Is that incident normal or I should take security actions?


Thank you!






authentication passwords account-security facebook social-media







share|improve this question







New contributor




MattCat15 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.



















  • Which 2FA method do you use? I don't remember which methods Facebook provides, but SMS are weak because someone can impersonate you and obtain a SIM with your number easily, thus receiving the SMS instead of you (happened several times. There was a serial impersonificator that targetted big youtube creators and deleted their channels. They did this to multiple creators). However if this was the case your SIM shouldn't be working right now. Other types of 2FA would be harder to break without getting access to the trusted device. Maybe the sessions just expired.
    – Giacomo Alzetta
    5 hours ago










  • I use both SMS and the Code Generator from the Facebook for Android app. About the SMS, my SIM is still working fine. For the Code Generator, I actually don't have to open the Facebook app to get the OTP code. There will be a prompt in the swipe-down notification bar, I can click "Yes" to verify my log in, or "No" in case of suspicious activities. After I clicked "Yes", the browser will automatically redirect me to the News Feed.
    – MattCat15
    5 hours ago










  • I believe you should remove SMS. They do not really add any security and in fact they reduce it by alot (as I said: it's quite easy to convince someone at a SIM shop to give you a SIM for an existing number. So basically it renders your password useless). AFAIK from what you told I don't think anything fishy about this, maybe you created the sessions on all your devices almost at the same time and they all expired in a short period of time.
    – Giacomo Alzetta
    5 hours ago
















up vote
1
down vote

favorite












A while ago, I was opening Facebook app on Android and then I got the message "Session expired. Please log in again.". I then tried logging in with my current password and was success to log in my account. Before, long time ago, when I created this account, I'd set up two-factor authentication for my account and when I checked after I did the log in, it was still active.



After that, I opened my laptop and Chrome then went to Facebook, just to find out that the session on PC was also logged out. After I logged back in, I went to security under settings and checked the section "When you're logged in" and I saw that all of the past logged in entries are gone. The only entries I got were those log in on my phone and my laptop (also appeared to be my trusted devices).



I was thinking of someone had tried (and succeeded?) to access my account, then logged out of all current sessions. However, I did not get any suspicious prompt on my phone to authenticate an unusual log in (Like "Did you just logged in near location xxxxx?"), also no warning email from my registered email telling me about my account being accessed on an unrecognized browser or computer.



Tl;dr: Facebook account suddenly got logged out of all devices, password was not changed, logged in entries are gone, no email warning about account being compromised, no two-factor authentication prompt showed up.



My questions are:



  • Are there any chances that someone was successfully able to get into my account? If yes, then how could they bypass the two-factor authentication?


  • Is that incident normal or I should take security actions?


Thank you!






authentication passwords account-security facebook social-media







share|improve this question







New contributor




MattCat15 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.



















  • Which 2FA method do you use? I don't remember which methods Facebook provides, but SMS are weak because someone can impersonate you and obtain a SIM with your number easily, thus receiving the SMS instead of you (happened several times. There was a serial impersonificator that targetted big youtube creators and deleted their channels. They did this to multiple creators). However if this was the case your SIM shouldn't be working right now. Other types of 2FA would be harder to break without getting access to the trusted device. Maybe the sessions just expired.
    – Giacomo Alzetta
    5 hours ago










  • I use both SMS and the Code Generator from the Facebook for Android app. About the SMS, my SIM is still working fine. For the Code Generator, I actually don't have to open the Facebook app to get the OTP code. There will be a prompt in the swipe-down notification bar, I can click "Yes" to verify my log in, or "No" in case of suspicious activities. After I clicked "Yes", the browser will automatically redirect me to the News Feed.
    – MattCat15
    5 hours ago










  • I believe you should remove SMS. They do not really add any security and in fact they reduce it by alot (as I said: it's quite easy to convince someone at a SIM shop to give you a SIM for an existing number. So basically it renders your password useless). AFAIK from what you told I don't think anything fishy about this, maybe you created the sessions on all your devices almost at the same time and they all expired in a short period of time.
    – Giacomo Alzetta
    5 hours ago












up vote
1
down vote

favorite









up vote
1
down vote

favorite











A while ago, I was opening Facebook app on Android and then I got the message "Session expired. Please log in again.". I then tried logging in with my current password and was success to log in my account. Before, long time ago, when I created this account, I'd set up two-factor authentication for my account and when I checked after I did the log in, it was still active.



After that, I opened my laptop and Chrome then went to Facebook, just to find out that the session on PC was also logged out. After I logged back in, I went to security under settings and checked the section "When you're logged in" and I saw that all of the past logged in entries are gone. The only entries I got were those log in on my phone and my laptop (also appeared to be my trusted devices).



I was thinking of someone had tried (and succeeded?) to access my account, then logged out of all current sessions. However, I did not get any suspicious prompt on my phone to authenticate an unusual log in (Like "Did you just logged in near location xxxxx?"), also no warning email from my registered email telling me about my account being accessed on an unrecognized browser or computer.



Tl;dr: Facebook account suddenly got logged out of all devices, password was not changed, logged in entries are gone, no email warning about account being compromised, no two-factor authentication prompt showed up.



My questions are:



  • Are there any chances that someone was successfully able to get into my account? If yes, then how could they bypass the two-factor authentication?


  • Is that incident normal or I should take security actions?


Thank you!






authentication passwords account-security facebook social-media







share|improve this question







New contributor




MattCat15 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











A while ago, I was opening Facebook app on Android and then I got the message "Session expired. Please log in again.". I then tried logging in with my current password and was success to log in my account. Before, long time ago, when I created this account, I'd set up two-factor authentication for my account and when I checked after I did the log in, it was still active.



After that, I opened my laptop and Chrome then went to Facebook, just to find out that the session on PC was also logged out. After I logged back in, I went to security under settings and checked the section "When you're logged in" and I saw that all of the past logged in entries are gone. The only entries I got were those log in on my phone and my laptop (also appeared to be my trusted devices).



I was thinking of someone had tried (and succeeded?) to access my account, then logged out of all current sessions. However, I did not get any suspicious prompt on my phone to authenticate an unusual log in (Like "Did you just logged in near location xxxxx?"), also no warning email from my registered email telling me about my account being accessed on an unrecognized browser or computer.



Tl;dr: Facebook account suddenly got logged out of all devices, password was not changed, logged in entries are gone, no email warning about account being compromised, no two-factor authentication prompt showed up.



My questions are:



  • Are there any chances that someone was successfully able to get into my account? If yes, then how could they bypass the two-factor authentication?


  • Is that incident normal or I should take security actions?


Thank you!






authentication passwords account-security facebook social-media




authentication passwords account-security facebook social-media






share|improve this question







New contributor




MattCat15 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question







New contributor




MattCat15 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question






New contributor




MattCat15 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked 5 hours ago









MattCat15

82




82




New contributor




MattCat15 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





MattCat15 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






MattCat15 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











  • Which 2FA method do you use? I don't remember which methods Facebook provides, but SMS are weak because someone can impersonate you and obtain a SIM with your number easily, thus receiving the SMS instead of you (happened several times. There was a serial impersonificator that targetted big youtube creators and deleted their channels. They did this to multiple creators). However if this was the case your SIM shouldn't be working right now. Other types of 2FA would be harder to break without getting access to the trusted device. Maybe the sessions just expired.
    – Giacomo Alzetta
    5 hours ago










  • I use both SMS and the Code Generator from the Facebook for Android app. About the SMS, my SIM is still working fine. For the Code Generator, I actually don't have to open the Facebook app to get the OTP code. There will be a prompt in the swipe-down notification bar, I can click "Yes" to verify my log in, or "No" in case of suspicious activities. After I clicked "Yes", the browser will automatically redirect me to the News Feed.
    – MattCat15
    5 hours ago










  • I believe you should remove SMS. They do not really add any security and in fact they reduce it by alot (as I said: it's quite easy to convince someone at a SIM shop to give you a SIM for an existing number. So basically it renders your password useless). AFAIK from what you told I don't think anything fishy about this, maybe you created the sessions on all your devices almost at the same time and they all expired in a short period of time.
    – Giacomo Alzetta
    5 hours ago
















  • Which 2FA method do you use? I don't remember which methods Facebook provides, but SMS are weak because someone can impersonate you and obtain a SIM with your number easily, thus receiving the SMS instead of you (happened several times. There was a serial impersonificator that targetted big youtube creators and deleted their channels. They did this to multiple creators). However if this was the case your SIM shouldn't be working right now. Other types of 2FA would be harder to break without getting access to the trusted device. Maybe the sessions just expired.
    – Giacomo Alzetta
    5 hours ago










  • I use both SMS and the Code Generator from the Facebook for Android app. About the SMS, my SIM is still working fine. For the Code Generator, I actually don't have to open the Facebook app to get the OTP code. There will be a prompt in the swipe-down notification bar, I can click "Yes" to verify my log in, or "No" in case of suspicious activities. After I clicked "Yes", the browser will automatically redirect me to the News Feed.
    – MattCat15
    5 hours ago










  • I believe you should remove SMS. They do not really add any security and in fact they reduce it by alot (as I said: it's quite easy to convince someone at a SIM shop to give you a SIM for an existing number. So basically it renders your password useless). AFAIK from what you told I don't think anything fishy about this, maybe you created the sessions on all your devices almost at the same time and they all expired in a short period of time.
    – Giacomo Alzetta
    5 hours ago















Which 2FA method do you use? I don't remember which methods Facebook provides, but SMS are weak because someone can impersonate you and obtain a SIM with your number easily, thus receiving the SMS instead of you (happened several times. There was a serial impersonificator that targetted big youtube creators and deleted their channels. They did this to multiple creators). However if this was the case your SIM shouldn't be working right now. Other types of 2FA would be harder to break without getting access to the trusted device. Maybe the sessions just expired.
– Giacomo Alzetta
5 hours ago




Which 2FA method do you use? I don't remember which methods Facebook provides, but SMS are weak because someone can impersonate you and obtain a SIM with your number easily, thus receiving the SMS instead of you (happened several times. There was a serial impersonificator that targetted big youtube creators and deleted their channels. They did this to multiple creators). However if this was the case your SIM shouldn't be working right now. Other types of 2FA would be harder to break without getting access to the trusted device. Maybe the sessions just expired.
– Giacomo Alzetta
5 hours ago












I use both SMS and the Code Generator from the Facebook for Android app. About the SMS, my SIM is still working fine. For the Code Generator, I actually don't have to open the Facebook app to get the OTP code. There will be a prompt in the swipe-down notification bar, I can click "Yes" to verify my log in, or "No" in case of suspicious activities. After I clicked "Yes", the browser will automatically redirect me to the News Feed.
– MattCat15
5 hours ago




I use both SMS and the Code Generator from the Facebook for Android app. About the SMS, my SIM is still working fine. For the Code Generator, I actually don't have to open the Facebook app to get the OTP code. There will be a prompt in the swipe-down notification bar, I can click "Yes" to verify my log in, or "No" in case of suspicious activities. After I clicked "Yes", the browser will automatically redirect me to the News Feed.
– MattCat15
5 hours ago












I believe you should remove SMS. They do not really add any security and in fact they reduce it by alot (as I said: it's quite easy to convince someone at a SIM shop to give you a SIM for an existing number. So basically it renders your password useless). AFAIK from what you told I don't think anything fishy about this, maybe you created the sessions on all your devices almost at the same time and they all expired in a short period of time.
– Giacomo Alzetta
5 hours ago




I believe you should remove SMS. They do not really add any security and in fact they reduce it by alot (as I said: it's quite easy to convince someone at a SIM shop to give you a SIM for an existing number. So basically it renders your password useless). AFAIK from what you told I don't think anything fishy about this, maybe you created the sessions on all your devices almost at the same time and they all expired in a short period of time.
– Giacomo Alzetta
5 hours ago










1 Answer
1






active

oldest

votes

















up vote
5
down vote



accepted










Facebook reported a data leak today and forced a large number of accounts to log off as a precaution. Source: NY Times and Facebook.






share|improve this answer




















  • Thank you for your answer. According to the link in your answer, it seems like Facebook did some token reset. That might explain why I was asked to log in again on all of my devices. I'll take some actions on this.
    – MattCat15
    2 hours ago










Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);






MattCat15 is a new contributor. Be nice, and check out our Code of Conduct.









 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f194667%2flogged-out-of-facebook-on-all-devices-on-a-sudden-should-i-be-worried-about-bei%23new-answer', 'question_page');

);

Post as a guest

















1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
5
down vote



accepted










Facebook reported a data leak today and forced a large number of accounts to log off as a precaution. Source: NY Times and Facebook.






share|improve this answer




















  • Thank you for your answer. According to the link in your answer, it seems like Facebook did some token reset. That might explain why I was asked to log in again on all of my devices. I'll take some actions on this.
    – MattCat15
    2 hours ago














up vote
5
down vote



accepted










Facebook reported a data leak today and forced a large number of accounts to log off as a precaution. Source: NY Times and Facebook.






share|improve this answer




















  • Thank you for your answer. According to the link in your answer, it seems like Facebook did some token reset. That might explain why I was asked to log in again on all of my devices. I'll take some actions on this.
    – MattCat15
    2 hours ago












up vote
5
down vote



accepted







up vote
5
down vote



accepted






Facebook reported a data leak today and forced a large number of accounts to log off as a precaution. Source: NY Times and Facebook.






share|improve this answer












Facebook reported a data leak today and forced a large number of accounts to log off as a precaution. Source: NY Times and Facebook.







share|improve this answer












share|improve this answer



share|improve this answer










answered 2 hours ago









Teun Vink

4,14911728




4,14911728











  • Thank you for your answer. According to the link in your answer, it seems like Facebook did some token reset. That might explain why I was asked to log in again on all of my devices. I'll take some actions on this.
    – MattCat15
    2 hours ago
















  • Thank you for your answer. According to the link in your answer, it seems like Facebook did some token reset. That might explain why I was asked to log in again on all of my devices. I'll take some actions on this.
    – MattCat15
    2 hours ago















Thank you for your answer. According to the link in your answer, it seems like Facebook did some token reset. That might explain why I was asked to log in again on all of my devices. I'll take some actions on this.
– MattCat15
2 hours ago




Thank you for your answer. According to the link in your answer, it seems like Facebook did some token reset. That might explain why I was asked to log in again on all of my devices. I'll take some actions on this.
– MattCat15
2 hours ago










MattCat15 is a new contributor. Be nice, and check out our Code of Conduct.









 

draft saved


draft discarded


















MattCat15 is a new contributor. Be nice, and check out our Code of Conduct.












MattCat15 is a new contributor. Be nice, and check out our Code of Conduct.











MattCat15 is a new contributor. Be nice, and check out our Code of Conduct.













 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f194667%2flogged-out-of-facebook-on-all-devices-on-a-sudden-should-i-be-worried-about-bei%23new-answer', 'question_page');

);

Post as a guest
































































Comments

Post a Comment

Popular posts from this blog

Long meetings (6-7 hours a day): Being “babysat” by supervisor

Image
Clash Royale CLAN TAG #URR8PPP .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0; up vote 31 down vote favorite 4 I hold a PhD in mechanical engineering with a 7 year background in self-guided, self-paced research including 2 years as a graduate level course instructor and a subject matter expert for various engineering projects in a university setting in the United States. For the last 10-11 months, I am working in a research industry in France where my task is to debug C++ spaghetti code written over a period of several years by my current supervisor. It is a team of 2: just I and my supervisor. Diurnally, I am posed with a "bug of the day" to get out of this C++ code. My supervisor generally gives me about 15-30 minutes to solve it and then accosts me about whether or not the task is completed and then rinses and repeats this until the end of the day. Off-late, my supervisor has been holding 6-7 hour long "meetin
Read more

Is the Concept of Multiple Fantasy Races Scientifically Flawed? [closed]

Image
Clash Royale CLAN TAG #URR8PPP up vote 2 down vote favorite Many fantasy worlds have multiple humanoid species (elves, orcs, humans, etc) living in the same world, in addition to that, they often have the ability to interbreed. And I can't help but question their believability... fantasy-races reproduction interspecies-relations share | improve this question edited Aug 9 at 14:46 Michael Kjörling ♦ 21.1k 10 85 161 asked Aug 9 at 13:13 Chlodio 118 6 closed as unclear what you're asking by MichaelK, Gryphon, John, Vincent, Frostfyre Aug 9 at 15:25 Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question. 3 Stack Exchange exist to
Read more

Confectionery

Image
Prepared foods made with a lot of sugar or other cabohydrates "Sweetmeat" redirects here. For the racehorse, see Sweetmeat (horse). Not to be confused with Sweetbread. This Kransekake is a traditional Scandinavian baker's confection. Confectionery is the art of making confections , which are food items that are rich in sugar and carbohydrates. Exact definitions are difficult. [1] In general, though, confectionery is divided into two broad and somewhat overlapping categories, bakers' confections and sugar confections. [2] Bakers' confectionery, also called flour confections , includes principally sweet pastries, cakes, and similar baked goods. Sugar confectionery includes candies ( sweets in British English), candied nuts, chocolates, chewing gum, bubble gum, pastillage, and other confections that are made primarily of sugar. In some cases, chocolate confections (confections made of chocolate) are treated as a separate category, as are sugar-free versions of
Read more