A security researcher has revealed that Notion inadvertently leaks email addresses of all editors on any public page. The vulnerability affects every page with public editing permissions, exposing user contact information without their knowledge or consent. This privacy flaw impacts anyone who has been granted editor access to public Notion documents.

Notion, a popular productivity platform used by millions for documentation and collaboration, allows page owners to grant editing permissions to external users. However, the platform appears to expose these editor email addresses in a way that could be harvested by anyone viewing the public page. The discovery raises serious concerns about user privacy and data protection practices.

The leak affects a fundamental aspect of Notion's permission system, potentially exposing email addresses of collaborators, clients, and team members. While public pages are designed to be accessible, the unintended exposure of editor identities represents a significant privacy violation that could lead to spam, phishing attempts, or unwanted contact.