Data Leak Exposes Editors' PII on Public Notion Pages

Severity: High (Score: 63.0)

Sources: Gbhackers, Cybersecuritynews

Summary

Notion, a popular productivity platform, has been identified as having a significant data exposure issue. Public Notion pages are leaking personally identifiable information (PII) of editors, including full names, email addresses, and profile photos. This exposure occurs without any authentication requirements, making it easy for malicious actors to scrape data from thousands of publicly accessible company wikis and personal pages. Organizations using Notion for public documentation are particularly at risk, as this vulnerability could lead to targeted phishing attacks and other privacy violations. The issue has raised alarms within the cybersecurity community, prompting calls for immediate action to secure sensitive information. As of now, there are no reported patches or fixes for this vulnerability. The scope of the impact remains unclear, but it is expected to affect a large number of users and organizations relying on Notion. Key Points: • Public Notion pages expose editors' PII, including emails and profile photos. • No authentication is required to access the leaked information. • Organizations using Notion for public documentation are at heightened risk.

Key Entities

• Data Breach (attack_type)
• CWE-200 - Exposure of Sensitive Information (cwe)
• Notion (tool)