Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

Log-in switching to another device?

  • 5 replies
  • 3 have this problem
  • 4 views
  • Last reply by hellmight

hellmight
hellmight
more options

Today I noticed something strange on my phone. I opened up my FF browser and noticed a small warning icon on the bottom right. It said, my sync was not logged in and I had to enter my password and 2FA code. After entering these - which I have done quite some time ago already, I immediately got the mail telling me about the new log-in on my account. I mean, I know that it was me, I just logged in. But it got me suspicious because my mobile should already be logged in! So I followed the 'manage devices' link to check the list of my logged-in devices. What I have found is disturbing me. My device was now two times in that list: One saying 'this device' and one stating it is located in another country (USA), last seen a couple of hours ago. I'm from Europe and I certainly have never been in the USA! Of course I removed access immediately!

Is this possibly a bug or even a security breach, that an attacker can 'transfer' a log-in token to another device without any notification? It seems like my mobile's token was removed and so I had to re-log in here. And yes, I use unique passwords with a password manager and 2FA. The only notification I ever saw on this was that my mobile no longer was logged into my sync account!

Today I noticed something strange on my phone. I opened up my FF browser and noticed a small warning icon on the bottom right. It said, my sync was not logged in and I had to enter my password and 2FA code. After entering these - which I have done quite some time ago already, I immediately got the mail telling me about the new log-in on my account. I mean, I know that it was me, I just logged in. But it got me suspicious because my mobile should already be logged in! So I followed the 'manage devices' link to check the list of my logged-in devices. What I have found is disturbing me. My device was now two times in that list: One saying 'this device' and one stating it is located in another country (USA), last seen a couple of hours ago. I'm from Europe and I certainly have never been in the USA! Of course I removed access immediately! Is this possibly a bug or even a security breach, that an attacker can 'transfer' a log-in token to another device without any notification? It seems like my mobile's token was removed and so I had to re-log in here. And yes, I use unique passwords with a password manager and 2FA. The only notification I ever saw on this was that my mobile no longer was logged into my sync account!

All Replies (5)

jonwillcode
jonwillcode
more options

Do you use a VPN on your device? That could explain why Mozilla believed you were in a different country.

hellmight
hellmight Question owner
more options

No, I don't. I do use cloudflare (1.1.1.1) but that is not an actual VPN, merely a dns service.

hellmight
hellmight Question owner
more options

No, I do not. I use Cloudflare (1.1.1.1) but it is not a true VPN, just a dns service.

Paul
Paul
  • Moderator
  • Top 10 Contributor
more options

Hi

I believe that the Cloudflare server is in the US, which could explain what you are seeing.

hellmight
hellmight Question owner
more options

As far as I am aware, Cloudflare does not mask anything. It serves as a DNS Service which does nothing but translate a dns request into an ip-address.

But even if your suggestion was the reason for why my approximate location is so far off, there is still a question that is not answered: Why was my device logged off? Repeatedly.

I just had the same log-off thing re-occure, and a few days ago too. For some strange reason, my latest confirmation mail said that I was logging in from Seattle. (I use Cloudflare for quite some time now, long before this has started.)