Notion pages have leaked user data via an unauthenticated API since 2022

📅 20 April 2026 at 11:34 UTC📰 Cyber InsiderView original source ↗

A security researcher has revealed that Notion’s public pages can expose the email addresses of all contributors through an unauthenticated API request, a behavior that has reportedly been known since 2022 and is still present today. The issue allows anyone to extract user data, including names, emails, and profile images, without logging in or interacting … The post Notion pages have leaked user data via an unauthenticated API since 2022 appeared first on CyberInsider.

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

Notion's public pages have leaked user data via an unauthenticated API since 2022, exposing contributor email addresses without authentication or interaction with the platform.

⚙️Technical Details

💥Impact Assessment

Severity: high

Who Is at Risk

users who publish public pages in Notion, particularly those with sensitive collaborators

🛡️Recommended Actions

1Review sharing settings to avoid publishing pages with sensitive collaborators

2Limit the number of editors on exposed pages and use corporate email accounts cautiously

3Regularly review publicly indexed Notion pages for potential data exposure

📦Affected Products

Product Name: NotionProduct Type: software

Read the full article

This is a curated summary. The complete article is available at Cyber Insider.

Read on Cyber Insider ↗

← Back to feed