How could that ever be possible

My Facebook account was taken over by a friend as a joke, and I’m trying to understand the technical method he used. I did not click any phishing link, there was no social engineering, and he had no physical access to my devices. We were also not on the same local network. I was suddenly logged out of my account (he wasn’t logged in yet), and when I immediately tried to log back in, it appears he intercepted my credentials in real time and then kicked me out. I never received any notification about a password change or new login. How could he have remotely logged me out and captured my login credentials under these exact conditions?”