Log-in switching to another device?
Today I noticed something strange on my phone. I opened up my FF browser and noticed a small warning icon on the bottom right. It said, my sync was not logged in and I had to enter my password and 2FA code. After entering these - which I have done quite some time ago already, I immediately got the mail telling me about the new log-in on my account. I mean, I know that it was me, I just logged in. But it got me suspicious because my mobile should already be logged in! So I followed the 'manage devices' link to check the list of my logged-in devices. What I have found is disturbing me. My device was now two times in that list: One saying 'this device' and one stating it is located in another country (USA), last seen a couple of hours ago. I'm from Europe and I certainly have never been in the USA! Of course I removed access immediately!
Is this possibly a bug or even a security breach, that an attacker can 'transfer' a log-in token to another device without any notification? It seems like my mobile's token was removed and so I had to re-log in here. And yes, I use unique passwords with a password manager and 2FA. The only notification I ever saw on this was that my mobile no longer was logged into my sync account!
Additional System Details
- User Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/21.0 Mobile/15E148 Safari/605.1.15
Do you use a VPN on your device? That could explain why Mozilla believed you were in a different country.
No, I don't. I do use cloudflare (188.8.131.52) but that is not an actual VPN, merely a dns service.
No, I do not. I use Cloudflare (184.108.40.206) but it is not a true VPN, just a dns service.
I believe that the Cloudflare server is in the US, which could explain what you are seeing.
As far as I am aware, Cloudflare does not mask anything. It serves as a DNS Service which does nothing but translate a dns request into an ip-address.
But even if your suggestion was the reason for why my approximate location is so far off, there is still a question that is not answered: Why was my device logged off? Repeatedly.
I just had the same log-off thing re-occure, and a few days ago too. For some strange reason, my latest confirmation mail said that I was logging in from Seattle. (I use Cloudflare for quite some time now, long before this has started.)