Doxxing explained: What it is, how it works, and how to stay safe

Dawna Roberts

Nov 23, 20235 min read

Doxxing explained: What it is, how it works, and how to stay safe: Header image

Living in the modern digital age comes with dangers and challenges. One of them is doxxing, a practice that can be extremely harmful to the victim. 

If you aren’t yet aware of what doxxing is, keep reading to learn more about this threat, how it can affect you, and how to protect yourself. 

What is doxxing, or doxing?

Doxxing means the public release of private documents about someone online, revealing their most personal information without permission. 

Doxxing is considered harassment, and the person doing the doxxing is often trying to humiliate, bully, or harm the victim. 

Types of information that can be doxxed

The list of information that can be doxxed is vast. Here is a list of some of the most damaging personal details that might be leaked online:

  • Home address
  • Work address
  • Home phone number
  • Social security number
  • Driver’s license info
  • Passport info
  • Bank or credit card details
  • Personal communications (emails/texts/etc.)
  • Criminal history
  • Embarrassing private information or photos
Image of a driver's license ID.
Image by Pexels

Understanding doxxing

Typically, someone doxxes another person out of anger, spite, jealousy, or other malicious reasons. 

Many notable celebrities and public figures have been doxxed and suffered embarrassment and personal exposure after their personal information was posted online. 

It works when someone harvests data “breadcrumbs” by combing through the internet and other sources and then combining all the information they’ve gathered. Sometimes, doxxers use cybercriminal techniques to gather information, such as:

  • Phishing emails are where an attacker pretends to be another entity and requests information from the victim.
  • Social engineering is a technique where a bad actor gets someone to trust them and then asks for private information. 
  • Government and other public records are an excellent source of information for someone trying to put together a profile on an individual.
  • Man-in-the-middle attacks are used to collect private data by intercepting an online connection.
  • Social media stalking is another way perpetrators collect personal details about someone. 
  • Reverse lookups and data brokers are loaded with information, and doxxers use them to find information about people.
  • IP address tracking and packet sniffing are also used to collect data in doxxing attacks.

These are just some of the methods people use to get information about you to use in doxxing. Other times, the perpetrator may visit the dark web, where vast amounts of stolen personal information are bought and sold. 

Screenshot of a phishing email attempting to get info for doxxing.

Why is doxxing dangerous?

At the very least, doxxing is annoying and can be potentially damaging to a person’s reputation, career, and lifestyle. If enough information is leaked, the victim could suffer identity theft, which is very difficult to clean up and resolve.  

How and when did doxxing start?

Doxxing, also known as “doxing,” originated from hacker turf wars in the 1990s, when rival hackers would leak information about their competitors. The term “dropping documents” (shortened to docs) eventually evolved into “doxxing” and has since become a widespread problem not just among hackers. 

Doxxing is not illegal. So far, there are very few specific doxxing laws. However, courts handle them on a case-by-case basis as they come up. Typically, law enforcement charges doxxers with other crimes like harassment, stalking, cyberbullying, identity theft, or incitement to violence.

Local governments are starting to pass anti-doxxing laws. For example, Kentucky passed anti-doxxing legislation in 2021. Other countries like Hong Kong are doing the same. 

Why do people doxx?

People doxx others to punish, intimidate, or humiliate them. Regardless of the reason, doxxing results in a huge violation of privacy, something that has become very important to us all. 

How to protect yourself from doxxing

As noted above, doxxing can have dire consequences for your reputation. It may also cause embarrassment and could even lead to identity theft. 

Unfortunately, with so much of our lives stored online, anyone can be a victim of doxxing. You must learn how to protect yourself and keep your private information safe. 

Have I been doxxed? Here’s how to know

If you suspect that someone is doxxing you, take immediate steps to stop it. Some signs that indicate you may have been doxxed are:

  • You notice personal information about you showing up online.
  • People start mentioning things about you they wouldn’t ordinarily know.
  • You receive a Google alert that your name or information has shown up online. 
  • You receive threatening messages from someone.

Unfortunately, you don’t usually find out about doxxing until you have already suffered the consequences.

How to prevent doxxing

Preventing doxxing means beefing up your cybersecurity efforts and protecting your personal information at all costs. 

Some ways to prevent yourself from being doxxed include:

  • Hide your IP address using a VPN.
  • Keep your social media posts private and minimize what you share online.
  • Don’t log in with third-party options like Google, Apple, and Facebook.
  • Use a fake name and an alternate email address on public websites so no one knows who you are, and you can remain anonymous.
  • Set up multi-factor authentication on all your accounts.
  • Never share passwords or login information with anyone.
  • Use strong passwords and a password vault to keep them in.
  • Install antivirus/antimalware software on all your devices and run deep scans often.
  • Don’t connect to public Wi-Fi without a VPN.
  • Be aware of phishing and social engineering tactics. Don’t click links or respond.
  • Contact websites and data brokers and request the removal of your private information.
  • Set up Google alerts to be notified when you show up online. 

What to do if you have been doxxed

If you have been doxxed, don’t panic. Instead, take quick action to fix the problem.

Document the doxxing by taking screenshots and writing everything down. Report the violation to any website that shows your personal data. You may even consider reporting it to law enforcement.

Lock down your financial accounts and put a credit freeze on your credit file so no one can open new accounts in your name. Change all your passwords immediately and contact websites to remove your personal data.

Digital resources offer us many wonderful conveniences like easy communication, automation, and fun. However, this modern technology also opens the gate for malicious attacks. Follow cybersecurity best practices to stay safe and do all you can to protect yourself from being doxxed. 

Dawna Roberts Dawna Roberts
Dawna has spent her entire career in web dev, cybersecurity, and IT. Her work has been featured on Forbes, Adobe, Airtable, Backblaze, Cyberleaf, Lifewire, and other online publications for the past ten years.