I assume that Facebook patched the vulnerability at the same time so that stolen tokens can't be abused again in the future. fighting the meme wars for freedom of speech. They also don't totally make it clear that Facebook did more than just reset tokens - if that were all that they did, all the attackers would have to do would be to start collecting tokens again. Just memes providing you with the day after tomorrow's news yesterday. None of Facebook's statements suggest that they're able to authenticate as you as the result of this particular exploit or vulnerability. The same thing is true of anyone who might have wanted to exploit a token which let them spoof as you - they too would have to re-authenticate. That's why you suddenly were unable to access Facebook without re-logging in again. Whenever it occurs, the Links Open Externally always unchecks itself. I've done all the suggested fixes, uninstall/reinstall, update app, clear cache, clear data. Any old token you had is no longer valid, not for you and not for an attacker either. This happens every day, multiple times per day. But many Facebook users don't use 2-factor authentication.Īction has already been taken for you. If your account had 2fa, it seems unlikely that an attacker could use this exploit to get into it. Is that incident normal or I should take security actions? Tl dr: Facebook account suddenly got logged out of all devices, password was not changed, logged in entries are gone, no email warning about account being compromised, no two-factor authentication prompt showed up.Īre there any chances that someone was successfully able to get into my account? If yes, then how could they bypass the two-factor authentication? However, I did not get any suspicious prompt on my phone to authenticate an unusual log in (Like "Did you just logged in near location xxxxx?"), also no warning email from my registered email telling me about my account being accessed on an unrecognized browser or computer. After logging out, log in your Facebook account and attempt an action to see if the session will still show an expired error. I was thinking of someone had tried (and succeeded?) to access my account, then logged out of all current sessions. Select Facebook and tap on Remove account. The only entries I got were those log in on my phone and my laptop (also appeared to be my trusted devices). After I logged back in, I went to security under settings and checked the section "When you're logged in" and I saw that all of the past logged in entries are gone. Before, long time ago, when I created this account, I'd set up two-factor authentication for my account and when I checked after I did the log in, it was still active.Īfter that, I opened my laptop and Chrome then went to Facebook, just to find out that the session on PC was also logged out. According to Downdetector, an online outage tracker website, around 4,800 users in the United States have reported login issues. I then tried logging in with my current password and was success to log in my account. A while ago, I was opening Facebook app on Android and then I got the message "Session expired.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |