Twitter¤¬¡¢2021ǯ6·î¤Ë¹¹¿·¤·¤¿¥³¡¼¥É¤Ë¥¢¥«¥¦¥ó¥È¤ÎÅÅÏÃÈÖ¹æ¤È¥á¡¼¥ë¥¢¥É¥ì¥¹¤ò¼èÆÀ²Äǽ¤ÊÀȼå(¤¼¤¤¤¸¤ã¤¯)À­¤¬¤¢¤Ã¤¿¤³¤È¤òÌÀ¤é¤«¤Ë¤·¤Þ¤·¤¿¡£Twitter¤Îȯɽ°ÊÁ°¤Ë»öÂÖ¤òÊ󤸤Ƥ¤¤¿¥Ë¥å¡¼¥¹¥µ¥¤¥È¤ÎBleeping Computer¤Ë¤è¤ë¤È¡¢Î®½Ð¤·¤¿¾ðÊó¤Ï540Ëü¿Íʬ¤Ç¡¢¥Ï¥Ã¥«¡¼¤¬¥Õ¥©¡¼¥é¥à¤Ç400Ëü±ß¤ÎÃͤò¤Ä¤±¤Æ¤¤¤¿¤½¤¦¤Ç¤¹¡£

An incident impacting some accounts and private information on Twitter

https://privacy.twitter.com/en/blog/2022/an-issue-affecting-some-anonymous-accounts



Hackers might have figured out your secret Twitter accounts - The Verge

https://www.theverge.com/2022/8/7/23295873/hackers-secret-twitter-accounts-security-flaw-vulnerability

Hacker selling Twitter account data of 5.4 million users for $30k

https://www.bleepingcomputer.com/news/security/hacker-selling-twitter-account-data-of-54-million-users-for-30k/

Twitter confirms zero-day used to expose data of 5.4 million accounts

https://www.bleepingcomputer.com/news/security/twitter-confirms-zero-day-used-to-expose-data-of-54-million-accounts/

Twitter¤Ë¤è¤ë¤ÈÀȼåÀ­¤Ï¡¢Ã¯¤«¤¬ÅÅÏÃÈֹ椫¥á¡¼¥ë¥¢¥É¥ì¥¹¤ò¥·¥¹¥Æ¥à¤ËÁ÷¿®¤¹¤ë¤È¡¢¤É¤ÎTwitter¥¢¥«¥¦¥ó¥È¤ËɳÉÕ¤±¤é¤ì¤¿¤â¤Î¤«¤òÄÌÃΤ¹¤ë¤È¤¤¤¦¤â¤Î¡£2021ǯ6·î¤Ë¹Ô¤Ã¤¿¥³¡¼¥É¹¹¿·¤Î±Æ¶Á¤ÇÀ¸¤Þ¤ì¤¿ÀȼåÀ­¤À¤È¤ß¤é¤ì¡¢2022ǯ1·î¤Ë¥Ð¥°Ê󾩶â¥×¥í¥°¥é¥à¤òÄ̤¸¤ÆÊó¹ð¤¬¤¢¤ê¡¢¤¿¤À¤Á¤ËÄ´ºº¤·¤Æ½¤Àµ¤ò¹Ô¤Ã¤¿¤È¤Î¤³¤È¡£

¥»¥­¥å¥ê¥Æ¥£´ë¶È¤ÎHackerOne¤¬¤³¤ÎÀȼåÀ­¤Ë´Ø¤¹¤ë¥¿¥¤¥à¥é¥¤¥ó¤ò¸ø³«¤·¤Æ¤ª¤ê¡¢2022ǯ1·î2Æü¤ËÊó¹ð¤¬¤ª¤³¤Ê¤ì¡¢2022ǯ1·î14Æü¤ËÂбþ¤¬´°Î»¡¢5040¥É¥ë(Ìó68Ëü±ß)¤ÎÊ󾩶⤬»Ùʧ¤ï¤ì¤¿¤³¤È¤¬¤ï¤«¤ê¤Þ¤¹¡£

#1439026 Discoverability by phone number/email restriction bypass

https://hackerone.com/reports/1439026

¤·¤«¤·¡¢¥Õ¥©¡¼¥é¥à¤Ç¡Ödevil¡×¤ò̾¾è¤ë¥æ¡¼¥¶¡¼¤Ï¤³¤Î½¤Àµ°ÊÁ°¤Ë548Ëü5636·ïʬ¤Î¥Ç¡¼¥¿¤òÆþ¼ê¤·¤Æ¤ª¤ê¡¢3Ëü¥É¥ë(Ìó400Ëü±ß)¤ÇÈÎÇ䤷¤Æ¤¤¤Þ¤·¤¿¡£devil¤Ï¡¢¥Ç¡¼¥¿¤Ëͭ̾¿Í¤ä´ë¶È¤Î¤â¤Î¤â´Þ¤Þ¤ì¤ë¤È¼çÄ¥¤·¤Æ¤¤¤Þ¤¹¡£

¥Ë¥å¡¼¥¹¥µ¥¤¥È¡¦Bleeping Computer¤Ï2022ǯ7·î22Æü¤ËTwitter¤«¤éÅð¤ß½Ð¤µ¤ì¤¿¥Ç¡¼¥¿¤¬ÈÎÇ䤵¤ì¤Æ¤¤¤ë»Ý¤òÊ󤸡¢Twitter¤ËÌ䤤¹ç¤ï¤»¤ò¹Ô¤Ã¤Æ¤¤¤Þ¤¹¤¬¡¢¤³¤Î»þÅÀ¤Ç¤ÏTwitter¤Ï¡Ö¥Ç¡¼¥¿¿¯³²¤ò³Îǧ¤Ç¤­¤Æ¤¤¤Ê¤¤¡×¤È²óÅú¤·¤Æ¤¤¤Þ¤·¤¿¡£