Logged out of Facebook on all devices on a sudden. Should I be worried about being hacked?

MattCat15 09/28/2018. 5 answers, 12.899 views
authentication passwords account-security facebook social-media

A while ago, I was opening Facebook app on Android and then I got the message "Session expired. Please log in again.". I then tried logging in with my current password and was success to log in my account. Before, long time ago, when I created this account, I'd set up two-factor authentication for my account and when I checked after I did the log in, it was still active.

After that, I opened my laptop and Chrome then went to Facebook, just to find out that the session on PC was also logged out. After I logged back in, I went to security under settings and checked the section "When you're logged in" and I saw that all of the past logged in entries are gone. The only entries I got were those log in on my phone and my laptop (also appeared to be my trusted devices).

I was thinking of someone had tried (and succeeded?) to access my account, then logged out of all current sessions. However, I did not get any suspicious prompt on my phone to authenticate an unusual log in (Like "Did you just logged in near location xxxxx?"), also no warning email from my registered email telling me about my account being accessed on an unrecognized browser or computer.

Tl;dr: Facebook account suddenly got logged out of all devices, password was not changed, logged in entries are gone, no email warning about account being compromised, no two-factor authentication prompt showed up.

My questions are:

  • Are there any chances that someone was successfully able to get into my account? If yes, then how could they bypass the two-factor authentication?

  • Is that incident normal or I should take security actions?

Thank you!

5 Answers

Teun Vink 10/01/2018.

Facebook reported a data leak today and forced a large number of accounts to log off as a precaution. Source: NY Times and Facebook.

That NYT article says "The company forced more than 90 million users to log out early Friday, a common safety measure taken when accounts have been compromised."

Additional article from The Hacker News - "unknown hacker or a group of hackers exploited a zero-day vulnerability in its social media platform that allowed them to steal secret access tokens for more than 50 million accounts" and "Facebook has already reset access tokens for nearly 50 million affected Facebook accounts and an additional 40 million accounts, as a precaution"

Beanluc 10/03/2018.

Are there any chances that someone was successfully able to get into my account? If yes, then how could they bypass the two-factor authentication?

If your account had 2fa, it seems unlikely that an attacker could use this exploit to get into it. But many Facebook users don't use 2-factor authentication.

Is that incident normal or I should take security actions?

Action has already been taken for you. Any old token you had is no longer valid, not for you and not for an attacker either. That's why you suddenly were unable to access Facebook without re-logging in again. The same thing is true of anyone who might have wanted to exploit a token which let them spoof as you - they too would have to re-authenticate. None of Facebook's statements suggest that they're able to authenticate as you as the result of this particular exploit or vulnerability. They also don't totally make it clear that Facebook did more than just reset tokens - if that were all that they did, all the attackers would have to do would be to start collecting tokens again. I assume that Facebook patched the vulnerability at the same time so that stolen tokens can't be abused again in the future.

R.. 09/29/2018.

This question is a great opportunity to point out that FB badly botched the handling of this. Being unexpectedly logged out and asked to login again looks just like phishing and it should be treated as such by users.

After invalidating session tokens, Facebook should have made the invalid ones redirect not to the main login page, but to a page explaining the breach and asking the user to click logout, then manually type facebook.com in their browser location bar and login again.

Laurence Payne 10/03/2018.

This was a precautionary measure, instigated by Facebook.

It reminds us of a very important point.

Facebook is a noticeboard. Don't put stuff on a noticeboard that you don't want people to see.

Remember that, and a lot of the 'security' worries go away. Not all of them, but a lot of them.

pytago 10/02/2018.

Are there any chances that someone was successfully able to get into my account? If yes, then how could they bypass the two-factor authentication?

Yes. They exploited a bug in Facebook's code. What they were able to see – nobody knows. We only know what Facebook reported, but do you trust this company to disclose all information?

Is that incident normal or I should take security actions?

You should consider deleting your account from sites that do not secure your data well enough. You'll have to weigh the benefits of being on this site versus the risk of another breach and the sensitivity of the data you send this company and everything they can guess from that. This might include your sexual orientation, your partners, affairs, financial situation, private chat messages...

HighResolutionMusic.com - Download Hi-Res Songs

1 Ariana Grande

7 Rings flac

Ariana Grande. 2019. Writer: Ariana Grande;Richard Rodgers;TBHits;Njomza;Michael "Mikey" Foster;Kaydence;Tayla Parx;Scootie;Oscar Hammerstein II;Victoria Monét.
2 Alan Walker

Lily flac

Alan Walker. 2018. Writer: Alan Walker;Lars Kristian Rosness;Magnus Bertelsen;K-391;Didrik Handlykken;Marcus Arnbekk.
3 Alec Benjamin

Let Me Down Slowly flac

Alec Benjamin. 2019. Writer: Alec Benjamin;Sir Nolan;Michael Pollack.
4 Alan Walker

Lost Control flac

Alan Walker. 2018. Writer: Alan Walker;Thomas Troelsen;Mood Melodies;Sorana;Fredrik Borch Olsen;Magnus "Magnify" Martinsen.
5 Skylar Grey

Everything I Need flac

Skylar Grey. 2018. Writer: Elliott Taylor;Rupert Gregson-Williams;Skylar Grey.
6 Post Malone

Sunflower flac

Post Malone. 2018. Writer: Carl Rosen;Louis Bell;Billy Walsh;Carter Lang;Swae Lee;Post Malone.
7 Westlife

Hello My Love flac

Westlife. 2019. Writer: Steve Mac;Ed Sheeran.
8 Alan Walker

Different World flac

Alan Walker. 2018. Writer: Shy Nodi;Alan Walker;Fredrik Borch Olsen;James Njie;Marcus Arnbekk;Gunnar Greve Pettersen;K-391;Corsak;Shy Martin;Magnus Bertelsen.
9 Sam Smith

Fire On Fire flac

Sam Smith. 2018. Writer: Steve Mac;Sam Smith.
10 Conor Maynard

Way Back Home (Sam Feldt Edit) flac

Conor Maynard. 2018. Writer: Ji Hye Lee;Shaun.
11 Normani

Dancing With A Stranger flac

Normani. 2019. Writer: Mikkel S. Eriksen;Tor Hermansen;Jimmy Napes;Normani;Sam Smith.
12 Slushii

Never Let You Go flac

Slushii. 2019. Writer: Sofía Reyes;Slushii;Aviella Winder.
13 Skrillex

Face My Fears flac

Skrillex. 2019. Writer: Poo Bear;Skrillex;Utada Hikaru.
14 Alora & Senii

Love U So flac

Alora & Senii. 2019. Writer: Alora & Senii.
15 The Chainsmokers

Hope flac

The Chainsmokers. 2018. Writer: Kate Morgan;Chris Lyon;Alex Pall;Andrew Taggart.
16 Imagine Dragons

Believer flac

Imagine Dragons. 2019. Writer: Dan Reynolds;Lil Wayne;Wayne Sermon;Ben McKee;Daniel Platzman;Robin Fredriksson;Mattias Larsson;Justin Tranter.
17 Alan Walker

I Don't Wanna Go flac

Alan Walker. 2018.
18 Mike Perry

Runaway flac

Mike Perry. 2019. Writer: Andreas Wiman;Dimitri Vangelis;Richard Müller;Sasha Rangas;Stefan Van Leijsen;Mike Perry.
19 Gesaffelstein

Lost In The Fire flac

Gesaffelstein. 2019. Writer: Ahmad Balshe;Nate Donmoyer;Gesaffelstein;DaHeala;The Weeknd.
20 Hozier

Almost (Sweet Music) flac

Hozier. 2019. Writer: Hozier.

Related questions

Hot questions


Popular Tags