Hackers claim 110M Notion records exposed, but the company’s AI assistant is not concerned

Published: 29 June 2026
Notion

A hacker has claimed responsibility for a massive breach of Notion – a productivity platform used by Nvidia and OpenAI – exposing 110 million user records. However, the company’s AI assistant, which responded to our journalists, does not seem to be bothered.

Key takeaways:
  • A hacker claims to have stolen and is selling 110 million Notion user records.
  • The leaked data reportedly includes email addresses, password hashes, login metadata, and workspace details.
  • Notion has not confirmed the alleged breach, with the company's AI customer support assistant responding only with general security practices rather than addressing the specific claim.
  • If proven to be legitimate, the leak increases the risk of account takeovers, credential stuffing, and phishing attacks.

A threat actor has taken to underground forums to claim responsibility for a data breach at the popular productivity platform Notion. The attacker is offering more than 110 million user records, containing account information, password hashes, and login metadata, to the highest bidder.

ADVERTISEMENT

To support the claim, the seller published 48 sample records. Cybernews researchers have reviewed the samples and found they include a wide range of account-related information, including:

  • Email addresses
  • Email verification status
  • Usernames
  • Password hashes
  • Signup IP addresses
  • Last login IP addresses
  • Account creation timestamps
  • Last activity timestamps
  • Locale, timezone, and country information
  • Workspace names and user roles
  • Subscription and trial status

Our researchers note that the sample appears internally consistent. However, they stress that there is currently no way to verify whether the full dataset actually contains the advertised 110 million records.

"The sample looks legitimate, but we cannot confirm the claimed number of records," they said.

Notion states that it has over 100 million users across its applications. Among the high-profile clients using the company’s productivity apps are Nvidia, OpenAI, Toyota, and Vercel.

notion 1
Screenshot by Cybernews

Notion users are at risk of account takeovers

While the allegedly stolen passwords appear to be stored as hashes rather than plaintext, our researchers warn that they still present security risks.

ADVERTISEMENT

"The main concerns are account takeovers and credential stuffing because password hashes are included," they explained.

Depending on the hashing algorithm and password strength, attackers may attempt to crack some hashes. If successful, the recovered passwords could be tested against other online services. As many users have a vicious habit of reusing passwords, this may pose risks to various accounts.

Attackers could also use exposed email addresses for phishing campaigns impersonating Notion support or other trusted services.

The researchers warn that attackers frequently combine leaked account information with previously stolen credentials to create more convincing social engineering attacks.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

Breach reporting may not pass the gatekeeper – the company’s AI assistant

Cybernews reached out to the company for confirmation. However, instead of receiving a response from a spokesperson or security team, the inquiry was answered by the company's AI-powered customer support assistant.

The automated reply stated it "cannot confirm a specific cyber incident from the information provided," before outlining Notion's general security practices. Checking posts on hacker forums is clearly beneath the scope of the AI assistant that the company uses.

email notion
Email received from Notion.

The AI assistant stated that instead of commenting on breach claims, it can give more details about the company's security measures.

ADVERTISEMENT

“What I can share is how Notion handles security incidents and customer communication.”

According to AI’s response, Notion:

  • The company has a 24/7 incident response
  • Uses AES-256 encryption for data at rest, TLS 1.2 or higher for data in transit
  • Enforces multi-factor authentication for employees
  • Performs daily backups
  • Says it would notify customers within 72 hours of a confirmed breach where required by law

It is not the first time Notion has been caught in a cybersecurity incident. In April this year, security researchers identified privacy issues in Notion’s systems that may have contributed to a data leak.

According to cybersecurity experts, the pages that users openly publish on the internet may be leaking personal information of those who have edited them, including usernames, profile images, and even email addresses associated with the accounts.

Unlock more exclusive Cybernews content on YouTube.

ADVERTISEMENT
Share
Post
Share
Share
Share
More from Cybernews
Majority of Americans shout and swear at AI-powered customer service agents
AI drone quickly finds hikers lost and freezing in Australian national park
Germany discloses data over “silent SMS” use for surveillance
Companies are swapping premium AI for cheaper alternatives
What do we know about Walmart’s emotional recognition technology?
ADVERTISEMENT