NOTION IS LEAKING YOUR EMPLOYEES' EMAILS
every public Notion page silently exposes the full name, email, and profile photo of everyone who ever touched it
here's how it works:
> public page leaks editor UUIDs in block permissions - no auth needed
> feed those UUIDs into /api/v3/syncRecordValuesMain
> get names emails photos back instantly
> zero tokens. zero cookies. one POST request.
your company wiki is public? job board? onboarding doc?
that's every editor's corporate email, free for anyone to grab
pair it with getLoginOptions - also zero auth - and you know exactly who uses a password vs SSO
that's a pre-sorted credential stuffing list handed to you on a plate
reported to HackerOne July 2022
triaged as "informative"
never fixed
still works today
every public Notion page is leaking the email addresses of everyone who edited it.
zero authentication. no cookies. no tokens. one POST request returns full names, emails, and profile photos for every editor on the page.
your company wiki is public? every employee's email is exposed. right now.
reported in 2022. still works in 2026. like what is the point of even having a BBP