Logged out of Facebook on all devices on a sudden. Should I be worried about being hacked?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;







up vote
1
down vote

favorite












A while ago, I was opening Facebook app on Android and then I got the message "Session expired. Please log in again.". I then tried logging in with my current password and was success to log in my account. Before, long time ago, when I created this account, I'd set up two-factor authentication for my account and when I checked after I did the log in, it was still active.



After that, I opened my laptop and Chrome then went to Facebook, just to find out that the session on PC was also logged out. After I logged back in, I went to security under settings and checked the section "When you're logged in" and I saw that all of the past logged in entries are gone. The only entries I got were those log in on my phone and my laptop (also appeared to be my trusted devices).



I was thinking of someone had tried (and succeeded?) to access my account, then logged out of all current sessions. However, I did not get any suspicious prompt on my phone to authenticate an unusual log in (Like "Did you just logged in near location xxxxx?"), also no warning email from my registered email telling me about my account being accessed on an unrecognized browser or computer.



Tl;dr: Facebook account suddenly got logged out of all devices, password was not changed, logged in entries are gone, no email warning about account being compromised, no two-factor authentication prompt showed up.



My questions are:



  • Are there any chances that someone was successfully able to get into my account? If yes, then how could they bypass the two-factor authentication?


  • Is that incident normal or I should take security actions?


Thank you!










share|improve this question







New contributor




MattCat15 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.



















  • Which 2FA method do you use? I don't remember which methods Facebook provides, but SMS are weak because someone can impersonate you and obtain a SIM with your number easily, thus receiving the SMS instead of you (happened several times. There was a serial impersonificator that targetted big youtube creators and deleted their channels. They did this to multiple creators). However if this was the case your SIM shouldn't be working right now. Other types of 2FA would be harder to break without getting access to the trusted device. Maybe the sessions just expired.
    – Giacomo Alzetta
    5 hours ago










  • I use both SMS and the Code Generator from the Facebook for Android app. About the SMS, my SIM is still working fine. For the Code Generator, I actually don't have to open the Facebook app to get the OTP code. There will be a prompt in the swipe-down notification bar, I can click "Yes" to verify my log in, or "No" in case of suspicious activities. After I clicked "Yes", the browser will automatically redirect me to the News Feed.
    – MattCat15
    5 hours ago










  • I believe you should remove SMS. They do not really add any security and in fact they reduce it by alot (as I said: it's quite easy to convince someone at a SIM shop to give you a SIM for an existing number. So basically it renders your password useless). AFAIK from what you told I don't think anything fishy about this, maybe you created the sessions on all your devices almost at the same time and they all expired in a short period of time.
    – Giacomo Alzetta
    5 hours ago
















up vote
1
down vote

favorite












A while ago, I was opening Facebook app on Android and then I got the message "Session expired. Please log in again.". I then tried logging in with my current password and was success to log in my account. Before, long time ago, when I created this account, I'd set up two-factor authentication for my account and when I checked after I did the log in, it was still active.



After that, I opened my laptop and Chrome then went to Facebook, just to find out that the session on PC was also logged out. After I logged back in, I went to security under settings and checked the section "When you're logged in" and I saw that all of the past logged in entries are gone. The only entries I got were those log in on my phone and my laptop (also appeared to be my trusted devices).



I was thinking of someone had tried (and succeeded?) to access my account, then logged out of all current sessions. However, I did not get any suspicious prompt on my phone to authenticate an unusual log in (Like "Did you just logged in near location xxxxx?"), also no warning email from my registered email telling me about my account being accessed on an unrecognized browser or computer.



Tl;dr: Facebook account suddenly got logged out of all devices, password was not changed, logged in entries are gone, no email warning about account being compromised, no two-factor authentication prompt showed up.



My questions are:



  • Are there any chances that someone was successfully able to get into my account? If yes, then how could they bypass the two-factor authentication?


  • Is that incident normal or I should take security actions?


Thank you!










share|improve this question







New contributor




MattCat15 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.



















  • Which 2FA method do you use? I don't remember which methods Facebook provides, but SMS are weak because someone can impersonate you and obtain a SIM with your number easily, thus receiving the SMS instead of you (happened several times. There was a serial impersonificator that targetted big youtube creators and deleted their channels. They did this to multiple creators). However if this was the case your SIM shouldn't be working right now. Other types of 2FA would be harder to break without getting access to the trusted device. Maybe the sessions just expired.
    – Giacomo Alzetta
    5 hours ago










  • I use both SMS and the Code Generator from the Facebook for Android app. About the SMS, my SIM is still working fine. For the Code Generator, I actually don't have to open the Facebook app to get the OTP code. There will be a prompt in the swipe-down notification bar, I can click "Yes" to verify my log in, or "No" in case of suspicious activities. After I clicked "Yes", the browser will automatically redirect me to the News Feed.
    – MattCat15
    5 hours ago










  • I believe you should remove SMS. They do not really add any security and in fact they reduce it by alot (as I said: it's quite easy to convince someone at a SIM shop to give you a SIM for an existing number. So basically it renders your password useless). AFAIK from what you told I don't think anything fishy about this, maybe you created the sessions on all your devices almost at the same time and they all expired in a short period of time.
    – Giacomo Alzetta
    5 hours ago












up vote
1
down vote

favorite









up vote
1
down vote

favorite











A while ago, I was opening Facebook app on Android and then I got the message "Session expired. Please log in again.". I then tried logging in with my current password and was success to log in my account. Before, long time ago, when I created this account, I'd set up two-factor authentication for my account and when I checked after I did the log in, it was still active.



After that, I opened my laptop and Chrome then went to Facebook, just to find out that the session on PC was also logged out. After I logged back in, I went to security under settings and checked the section "When you're logged in" and I saw that all of the past logged in entries are gone. The only entries I got were those log in on my phone and my laptop (also appeared to be my trusted devices).



I was thinking of someone had tried (and succeeded?) to access my account, then logged out of all current sessions. However, I did not get any suspicious prompt on my phone to authenticate an unusual log in (Like "Did you just logged in near location xxxxx?"), also no warning email from my registered email telling me about my account being accessed on an unrecognized browser or computer.



Tl;dr: Facebook account suddenly got logged out of all devices, password was not changed, logged in entries are gone, no email warning about account being compromised, no two-factor authentication prompt showed up.



My questions are:



  • Are there any chances that someone was successfully able to get into my account? If yes, then how could they bypass the two-factor authentication?


  • Is that incident normal or I should take security actions?


Thank you!










share|improve this question







New contributor




MattCat15 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











A while ago, I was opening Facebook app on Android and then I got the message "Session expired. Please log in again.". I then tried logging in with my current password and was success to log in my account. Before, long time ago, when I created this account, I'd set up two-factor authentication for my account and when I checked after I did the log in, it was still active.



After that, I opened my laptop and Chrome then went to Facebook, just to find out that the session on PC was also logged out. After I logged back in, I went to security under settings and checked the section "When you're logged in" and I saw that all of the past logged in entries are gone. The only entries I got were those log in on my phone and my laptop (also appeared to be my trusted devices).



I was thinking of someone had tried (and succeeded?) to access my account, then logged out of all current sessions. However, I did not get any suspicious prompt on my phone to authenticate an unusual log in (Like "Did you just logged in near location xxxxx?"), also no warning email from my registered email telling me about my account being accessed on an unrecognized browser or computer.



Tl;dr: Facebook account suddenly got logged out of all devices, password was not changed, logged in entries are gone, no email warning about account being compromised, no two-factor authentication prompt showed up.



My questions are:



  • Are there any chances that someone was successfully able to get into my account? If yes, then how could they bypass the two-factor authentication?


  • Is that incident normal or I should take security actions?


Thank you!







authentication passwords account-security facebook social-media






share|improve this question







New contributor




MattCat15 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question







New contributor




MattCat15 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question






New contributor




MattCat15 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked 5 hours ago









MattCat15

82




82




New contributor




MattCat15 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





MattCat15 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






MattCat15 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











  • Which 2FA method do you use? I don't remember which methods Facebook provides, but SMS are weak because someone can impersonate you and obtain a SIM with your number easily, thus receiving the SMS instead of you (happened several times. There was a serial impersonificator that targetted big youtube creators and deleted their channels. They did this to multiple creators). However if this was the case your SIM shouldn't be working right now. Other types of 2FA would be harder to break without getting access to the trusted device. Maybe the sessions just expired.
    – Giacomo Alzetta
    5 hours ago










  • I use both SMS and the Code Generator from the Facebook for Android app. About the SMS, my SIM is still working fine. For the Code Generator, I actually don't have to open the Facebook app to get the OTP code. There will be a prompt in the swipe-down notification bar, I can click "Yes" to verify my log in, or "No" in case of suspicious activities. After I clicked "Yes", the browser will automatically redirect me to the News Feed.
    – MattCat15
    5 hours ago










  • I believe you should remove SMS. They do not really add any security and in fact they reduce it by alot (as I said: it's quite easy to convince someone at a SIM shop to give you a SIM for an existing number. So basically it renders your password useless). AFAIK from what you told I don't think anything fishy about this, maybe you created the sessions on all your devices almost at the same time and they all expired in a short period of time.
    – Giacomo Alzetta
    5 hours ago
















  • Which 2FA method do you use? I don't remember which methods Facebook provides, but SMS are weak because someone can impersonate you and obtain a SIM with your number easily, thus receiving the SMS instead of you (happened several times. There was a serial impersonificator that targetted big youtube creators and deleted their channels. They did this to multiple creators). However if this was the case your SIM shouldn't be working right now. Other types of 2FA would be harder to break without getting access to the trusted device. Maybe the sessions just expired.
    – Giacomo Alzetta
    5 hours ago










  • I use both SMS and the Code Generator from the Facebook for Android app. About the SMS, my SIM is still working fine. For the Code Generator, I actually don't have to open the Facebook app to get the OTP code. There will be a prompt in the swipe-down notification bar, I can click "Yes" to verify my log in, or "No" in case of suspicious activities. After I clicked "Yes", the browser will automatically redirect me to the News Feed.
    – MattCat15
    5 hours ago










  • I believe you should remove SMS. They do not really add any security and in fact they reduce it by alot (as I said: it's quite easy to convince someone at a SIM shop to give you a SIM for an existing number. So basically it renders your password useless). AFAIK from what you told I don't think anything fishy about this, maybe you created the sessions on all your devices almost at the same time and they all expired in a short period of time.
    – Giacomo Alzetta
    5 hours ago















Which 2FA method do you use? I don't remember which methods Facebook provides, but SMS are weak because someone can impersonate you and obtain a SIM with your number easily, thus receiving the SMS instead of you (happened several times. There was a serial impersonificator that targetted big youtube creators and deleted their channels. They did this to multiple creators). However if this was the case your SIM shouldn't be working right now. Other types of 2FA would be harder to break without getting access to the trusted device. Maybe the sessions just expired.
– Giacomo Alzetta
5 hours ago




Which 2FA method do you use? I don't remember which methods Facebook provides, but SMS are weak because someone can impersonate you and obtain a SIM with your number easily, thus receiving the SMS instead of you (happened several times. There was a serial impersonificator that targetted big youtube creators and deleted their channels. They did this to multiple creators). However if this was the case your SIM shouldn't be working right now. Other types of 2FA would be harder to break without getting access to the trusted device. Maybe the sessions just expired.
– Giacomo Alzetta
5 hours ago












I use both SMS and the Code Generator from the Facebook for Android app. About the SMS, my SIM is still working fine. For the Code Generator, I actually don't have to open the Facebook app to get the OTP code. There will be a prompt in the swipe-down notification bar, I can click "Yes" to verify my log in, or "No" in case of suspicious activities. After I clicked "Yes", the browser will automatically redirect me to the News Feed.
– MattCat15
5 hours ago




I use both SMS and the Code Generator from the Facebook for Android app. About the SMS, my SIM is still working fine. For the Code Generator, I actually don't have to open the Facebook app to get the OTP code. There will be a prompt in the swipe-down notification bar, I can click "Yes" to verify my log in, or "No" in case of suspicious activities. After I clicked "Yes", the browser will automatically redirect me to the News Feed.
– MattCat15
5 hours ago












I believe you should remove SMS. They do not really add any security and in fact they reduce it by alot (as I said: it's quite easy to convince someone at a SIM shop to give you a SIM for an existing number. So basically it renders your password useless). AFAIK from what you told I don't think anything fishy about this, maybe you created the sessions on all your devices almost at the same time and they all expired in a short period of time.
– Giacomo Alzetta
5 hours ago




I believe you should remove SMS. They do not really add any security and in fact they reduce it by alot (as I said: it's quite easy to convince someone at a SIM shop to give you a SIM for an existing number. So basically it renders your password useless). AFAIK from what you told I don't think anything fishy about this, maybe you created the sessions on all your devices almost at the same time and they all expired in a short period of time.
– Giacomo Alzetta
5 hours ago










1 Answer
1






active

oldest

votes

















up vote
5
down vote



accepted










Facebook reported a data leak today and forced a large number of accounts to log off as a precaution. Source: NY Times and Facebook.






share|improve this answer




















  • Thank you for your answer. According to the link in your answer, it seems like Facebook did some token reset. That might explain why I was asked to log in again on all of my devices. I'll take some actions on this.
    – MattCat15
    2 hours ago










Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);






MattCat15 is a new contributor. Be nice, and check out our Code of Conduct.









 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f194667%2flogged-out-of-facebook-on-all-devices-on-a-sudden-should-i-be-worried-about-bei%23new-answer', 'question_page');

);

Post as a guest






























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
5
down vote



accepted










Facebook reported a data leak today and forced a large number of accounts to log off as a precaution. Source: NY Times and Facebook.






share|improve this answer




















  • Thank you for your answer. According to the link in your answer, it seems like Facebook did some token reset. That might explain why I was asked to log in again on all of my devices. I'll take some actions on this.
    – MattCat15
    2 hours ago














up vote
5
down vote



accepted










Facebook reported a data leak today and forced a large number of accounts to log off as a precaution. Source: NY Times and Facebook.






share|improve this answer




















  • Thank you for your answer. According to the link in your answer, it seems like Facebook did some token reset. That might explain why I was asked to log in again on all of my devices. I'll take some actions on this.
    – MattCat15
    2 hours ago












up vote
5
down vote



accepted







up vote
5
down vote



accepted






Facebook reported a data leak today and forced a large number of accounts to log off as a precaution. Source: NY Times and Facebook.






share|improve this answer












Facebook reported a data leak today and forced a large number of accounts to log off as a precaution. Source: NY Times and Facebook.







share|improve this answer












share|improve this answer



share|improve this answer










answered 2 hours ago









Teun Vink

4,14911728




4,14911728











  • Thank you for your answer. According to the link in your answer, it seems like Facebook did some token reset. That might explain why I was asked to log in again on all of my devices. I'll take some actions on this.
    – MattCat15
    2 hours ago
















  • Thank you for your answer. According to the link in your answer, it seems like Facebook did some token reset. That might explain why I was asked to log in again on all of my devices. I'll take some actions on this.
    – MattCat15
    2 hours ago















Thank you for your answer. According to the link in your answer, it seems like Facebook did some token reset. That might explain why I was asked to log in again on all of my devices. I'll take some actions on this.
– MattCat15
2 hours ago




Thank you for your answer. According to the link in your answer, it seems like Facebook did some token reset. That might explain why I was asked to log in again on all of my devices. I'll take some actions on this.
– MattCat15
2 hours ago










MattCat15 is a new contributor. Be nice, and check out our Code of Conduct.









 

draft saved


draft discarded


















MattCat15 is a new contributor. Be nice, and check out our Code of Conduct.












MattCat15 is a new contributor. Be nice, and check out our Code of Conduct.











MattCat15 is a new contributor. Be nice, and check out our Code of Conduct.













 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f194667%2flogged-out-of-facebook-on-all-devices-on-a-sudden-should-i-be-worried-about-bei%23new-answer', 'question_page');

);

Post as a guest













































































Comments

Popular posts from this blog

What does second last employer means? [closed]

Installing NextGIS Connect into QGIS 3?

One-line joke