What Is Doxxing & How to Protect Against It (2023 Guide)
October 13, 2023
Table of Contents
Your name, address, and phone number have been published online without your consent, and you’re now receiving harassing social media messages and intimidating phone calls. Known as doxxing, this situation is becoming more common among average internet users.
In this guide, we’ll provide an overview of what doxxing is, along with how you can protect yourself against it.
In this guide:
What Is Doxxing?
Doxxing (or doxing) is an increasingly common online practice that involves another person releasing your private information without your permission. The information released can include your:
Social security number
Family member details.
Doxxing typically has harmful or malicious intent behind it and is used against individuals with whom the doxxer disagrees.
When and where did doxxing emerge?
Doxxing is said to have originated in the 1990s among hacker communities, where maintaining privacy was key. It was considered incredibly damaging when one hacker would release the personal information of another hacker by “dropping dox” (slang for “docs” or “documents”) on them.
Today, doxxing has spread well beyond hacker communities.
More than 43 million Americans report being doxxed as of 2023, with two-thirds either having been a victim or personally knowing someone else who has, according to a recent study by SafeHome.
How does doxxing relate to swatting?
Doxxing is related to swatting, another form of cyberbullying that crosses into the physical world.
However, in the case of swatting, the perpetrators will call law enforcement to your home, work, or family member’s address under the (false) pretense of a horrible crime underway.
This can lead to significant distress, property damage, physical harm, and even death.
While most doxxing doesn’t get to the level of swatting, swatting is an example of what someone with harmful intent can do with your private information.
This dangerous prank is particularly prevalent in the gamer community:
How Does Doxxing Work?
For doxxing to happen, attackers need your personal information, which can be obtained through several sources, such as:
Data brokers.Data brokers are companies that exist to harvest personal data on individuals and then sell this data for a nominal fee to anyone who wants it. Data broker information can include details like your name, address, phone number, social media accounts, photos, family information, education, and more. Data broker profiles are one of the easiest ways to acquire personal data about someone, not only because they include a ton of data in one place but also because they tend to appear on the first page of Google when someone looks up someone’s name. Here’s an example of what a data broker profile looks like:
Public records. Government entities such as courthouses sometimes have searchable online databases of public records pertaining to individuals, including marriage records, land transfers, and more. Public records are one of the primary information sources for data brokers.
Social media stalking. If your social media accounts are accessible to the public, then it’s easy for others to browse through everything you’ve posted. Going back to the beginning of your timeline, someone can glean information about your life as they do so. Social media is a popular source of information for data brokers.
Phishing. If you get a text or email asking for your private information from an unrecognized email address, it may be a phishing attempt in which someone is trying to trick you into handing over your personal data using social engineering.
Whois search. The private information of website owners, potentially including your full name, address, phone number, and email address, is often readily available using the Whois lookup tool.
Username tracking. If you use the same username across multiple platforms, such as X, Reddit, and Instagram, you’re opening a window for others to follow your trail and easily compile information on you. Some data brokers let you look up individuals based on their usernames.
Doxxing can have varying degrees of impact based on who is victimized and the severity of the information released.
Sometimes, it’s celebrities who are doxxed – in 2022, Elon Musk suspended an account on Twitter for tracking the live physical location of his jet. Even though the information was technically public, aggregating Musk’s whereabouts under a single account crossed a privacy line.
Other times, doxxing victims become unwittingly entangled in a web of criminal activity. Such was the case for the clients of Ashley Madison, an online website for married individuals to coordinate affairs. The business was targeted by hackers for unpublicized demands, and upon failing to meet them, the hackers published the information of millions of users in what became a high-profile scandal and an example of “organizational doxing.”
Doxxing can essentially happen to anyone. Following the death of George Floyd while under police custody, high-ranking police officers in several large U.S. cities had their home addresses and contact information shared across social media platforms as part of a wave of public dissent against law enforcement officials. The same thing is now also happening to public officials and judges.
In the worst cases, doxxing can lead to death threats and homicide. In just one such example, the names and addresses of doctors who performed abortions were posted online in the 1990s and early 2000s; eight of those doctors have since been murdered.
Is Doxxing Illegal?
In most cases, doxxing is not illegal. This is because doxxing typically relies on public information, and gathering and releasing that information is, in itself, not a crime.
But whether or not doxxing is a crime can change depending on how the information is used, with doxxing being a natural springboard for other crimes – including harassment, identity theft, stalking, and worse.
Note: Some states and countries take doxxing more seriously. In 2021, the state of Nevada passed a law that lets doxxing victims take civil action if their personal data is published with the intent of harassment, stalking, or death. That same year, Hong Kong amended its privacy law to include doxxing.
Dangers of Doxxing
Doxxing can cause or result in the following:
Anxiety and psychological distress. Victims of doxxing frequently report having high levels of stress due to having their location and contact information made public.
Harassment. If someone has your phone number or email address, they can continually harass you with phone calls and emails at any time of day or night; this could extend to your place of work and your family members’ homes and workplaces.
Stalking. One of the more serious manifestations of doxxing is stalking – once someone has your home address and/or your work address, they can potentially follow you and track your behavior in person.
Vandalism. If someone knows where you live, what car you drive, etc., they can vandalize your property. For example, slash your car tires, break your house windows, and so on.
Impersonation. Using your personal information, someone can set up a social media profile under your identity and then interact with and mislead others.
Identity theft. Attackers can use your personal information to set up financial accounts, open credit cards, file tax returns, or get insurance or medical operations performed – all under your name.
Reputational harm. If you’ve ever said anything in a private message or email that you’d rather not be made public, you can understand the possible reputational risks that can come from being doxxed. Trolls and attackers also know this and will often use your words against you.
Homicide. Instances of death threats being reported following a doxxing incident are sadly common, and sometimes, they can escalate into bodily harm to the point of murder.
How to Prevent Doxxing
The only real way to prevent a doxxing attack is to keep your actual identity under wraps as much as possible while using the internet.
It can be easy to overlook how much information is out there about ourselves, let alone what may be on the dark web. For this reason, it is a good idea to conduct an online audit where you go to each of your online accounts and check your privacy settings. Be sure to look at how much of your private data is set to “public.” (Read our guide on how to enable privacy settings on LinkedIn).
Do the same for your posts – try to look at your accounts, profiles, and timelines through the lens of someone trying to find out as much as possible about you.
Could they find out where you live, the names of your children, or where you work during the day? Can they figure out your entire life story by piecing together your profiles across similar usernames and data broker websites?
Tip: Look up your name and some common usernames you use on a search engine like Google to see what kind of information a potential doxxer could find out about you.
You can reduce the risk of being doxxed by using different usernames and strong passwords (consider getting a password manager) for every platform, enabling two-factor authentication (a good cybersecurity practice in general), never using your real name, using a virtual private network (VPN) to hide your IP address, and keeping your social media posts private.
Tip: Set up Google Alerts to be notified when there’s a new mention of your name online.
However, even after you take these steps, much of the information you previously shared will remain on data broker sites.
Luckily, most data brokers let you opt-out. Something to note, however, is that the opt-out process differs from one data broker to the next. You can follow our opt-out guides for step-by-step instructions.
Some of our most popular data broker opt-out guides include:
Remember that opting out of data brokers once is not enough. Data brokers are notorious for relisting people’s information as soon as they collect more of it. For this reason, you need to check their databases regularly.
Alternatively, you can subscribe to a data broker removal service like DeleteMe to have our privacy professionals continuously monitor for and remove your personal information from data brokers on your behalf. You can read reviews about our service here.
What to Do If You’ve Been Doxxed
If you believe you’ve been doxed, follow these steps:
First and foremost, if you believe your safety is at risk, get somewhere safe.
Collect evidence of the doxxing by taking screenshots of information that’s been posted online (including the data published and website URL). This evidence will be important for law enforcement purposes.
Contact the platform you’ve been doxxed on and report it; with luck, they’ll be able to respond quickly and remove the post that exposes your personal information.
Contact law enforcement (such as your local police department) if you feel that the doxxing could lead to harm against you (sharing any evidence you have of the doxxing with you).
Tell someone close to you. Doxxing can be stressful, and having someone else who is aware of the situation and willing to help you navigate it can help. If the information of your family members or friends has also been compromised, be sure to let them know as well.
If your financial account information was doxxed, contact your financial institution(s) immediately and let them know what happened so they can watch for any suspicious behavior in your bank account. Change your online account passwords as needed.
If the person who doxxed you is on a social media platform of some kind, be sure to block their username so they cannot see your information any longer. Consider changing your settings to “Friends Only” or private (depending on the platform) to limit how much of your personal data public viewers can see.
How to Report Doxxing
Depending on where the doxxing took place, you may be able to report it to the platform and have it removed, along with alerting the platform to the bad behavior of the doxxer. On social media websites, information on how to report doxxing can typically be found within the community guidelines.
You can find Facebook’s guide here, Instagram’s report form here, and X’s information policy and how-to guide here.
Protect Yourself from Doxxing
With two-thirds of Americans now being the direct victim of doxxing or knowing someone who is, it’s clear that doxxing isn’t going to go away anytime soon.
Fortunately, you can minimize your risk of falling victim by keeping your online presence private. Don’t make your personal details public or associate them with your real identity and remove your name from data broker databases.
Keeping your online footprint to a minimum can limit your chances of being doxxed.
Laura Martisiute is DeleteMe’s content marketing specialist. Her job is to help DeleteMe communicate vital privacy information to the people that need it.
Since joining DeleteMe in 2020, Laura has done exactly that.
Creating some of the internet’s most popular privacy content on DeleteMe’s blog, writing the leading privacy newsletter Incognito, and helping DeleteMe plan and craft its messaging across different channels, Laura drives DeleteMe’s content.
Laura has a degree from University College Cork.
You can contact Laura with questions and ideas at email@example.com