Website login information retained in browser

Description of the issue:

Website login information retained by browser

How can this issue be reproduced?

Any time

Expected result:

Brave Version( check About Brave):

1.56

Additional Information:

Trying to source how my facebook account got hacked. Wondering if it’s possible of remote access to whatever Brave stores as login info that bypasses login prompt when going to facebook.com. Meaning that I have been able to go directly to my account on facebook via Brave browser with no request to login or re-login for sometime. As no one has access to any of my devices and as far as I have been able to find out none of my devices have been hacked the only thing I can think of is someone accessing stored login information via Brave browser on their end. Perhaps not possible but I am investigating all possibilities.

Facebook will use Cookies to let you log in without the use of password. Is not a surprise they do that, just like Gmail or Outlook lets you switch accounts easily with just one click.

You had to clear the cookies from Facebook or use the Forgetful Browsing on it or TEMP Ephemeral Storage on the first party cookies to force your browser to ask for a login every time.

The question is, why didn’t you enable 2FA in your Facebook account? that would protect you if someone tries to log in, because at least the system is able to protect you from people trying to log in from somewhere else.

The thing is, If you have other the same password in other services and those services got hacked, that’s how must of the issues happen, people using same username/email with same password and then they are in a database bad guys buy and they can try to input your information and many times it works.

Cookies can be copy and pasted, easily, accessed in the same system easily. It is only when you try to access them from another computer or user, where the encryption starts kicking in, but if someone had access to your computer, they could have access anything they wanted.
Even if the browser ask for your account password to see passwords, the truth is 3p programs can access the passwords without it so it is just an illusion of security.
But sometimes when you change locations, like countries, you are still requested to login, but I don’t know how secure Facebook is so I can’t say much about it in that aspect.

What does Facebook says about your logins? it should have info about it, for example, once someone used my email to their garbage Facebook account, and I had to reset password, login and delete the account.
By downloading the info I could see that the logins were from specific IP and Country and all that.
I think they display that info inside Facebook, but I still downloaded just it in case, I saw the same person opening a Facebook account with my email.

So you should check and see where they logged from, because I doubt it has to do with cookies, it would require too much, like using Teamviewer or somethinfg like that. When they could have just do more harm than hacking a Facebook account.

I’m pretty good with passwords, I have a password manager. Can’t remember if I had 2FA enabled or not but the odd thing is I never received an email notification that the email account associated with my facebook account had been changed. A few days ago I opened Brave browser on my phone to access facebook and I had to re-login and that’s when I discovered my password and email had been changed. As no one has access to my devices I’m trying to figure out how I got hacked. Perhaps I was on WiFi on an open network…I don’t know.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.