Skip to main content

How Does Doxxing Work?

How Does Doxxing Work?

Laura Martisiute

October 26, 2023

Reading time: 7 minutes

“How does doxxing work?” This was the question I asked myself when I first heard about doxxing and people getting their private information exposed on the internet. 

Trying to answer it led me down a rabbit hole of details that clued me into how people can find your information and what they can do with it. 

In this guide, I’ll share what I learned with you – as well as steps you can take to mitigate the risk of getting doxxed. 

How Does Doxxing Work?

Doxxing or “dropping dox” (or docs) on someone typically involves collecting small amounts of information left by a person all over the internet – and then releasing some or all of that information without their permission. 

Reddit post explaining how someone doxxed another person

Doxxing attacks can often lead to online harassment and cyberbullying. 

Some people have also been swatted (when someone sends law enforcement to their house with malicious intent), stalked, or even killed with the information acquired through doxxing. In other words, it’s a real threat and not something to be taken lightly.

Finding information to doxx you with can be done in several ways. Here are some of the most common among internet trolls and other bad actors:

Username tracking 

One of the easiest ways people can find out more about you is through your username.

If you use the same username across multiple online accounts or apps – whether it’s for social media, posting on YouTube, forums, shopping accounts, and so on – a person who comes across you on one site or app can immediately find you everywhere else you hang out on the web. 

All they have to do is type your username into Google or another search engine. 

Google Search results for a specific username

To mitigate this risk, use a unique username for every account. None of your usernames should include real-life information, like your surname or even name. 

Data brokers

If someone has your name/phone number/email address/username, they can find out a lot more about you using a data broker site. 

People search site username lookup feature

Data brokers operate by collecting and compiling pieces of information on individuals into a single profile and then selling that profile for a small fee to anyone interested in it. 

The information that data brokers offer can come from a number of sources, including social media accounts like Facebook, Instagram, X, TikTok, or LinkedIn, as well as websites, news articles, retail outlets, and more. 

Sometimes, data brokers also obtain sensitive personal data, including social security numbers. While they may not openly sell that information, a data breach can leave you open to identity theft and worse when your private data winds up on the dark web.

Many data brokers will give you the option of “opting out” of their services. You can find opt-out forms or email addresses to contact them and request the removal of your profile on their websites. 

Keep in mind, however, that data brokers collect information continually to renew their databases, so you will need to repeat the process periodically to keep your data private. 

Alternatively, there are data broker removal service providers like DeleteMe that can remove you from data broker databases on your behalf.

Public records

By default, public records are meant to be exactly that – open to the public. That means that anytime you’ve been arrested, gotten married, gotten divorced, had a traffic violation, obtained land, or anything of that nature, the record exists and can be viewed in person or even online. 

In many cases, you can contact the court with the record and request that it be sealed to the public, but you will need to make a compelling case as to why the record should be sealed (for your safety, for instance).

Social media stalking 

Social media stalking happens when someone digs through social media sites, finding as much information as possible about you. 

To increase your privacy: 

  • Optimize your privacy settings.
  • Make your social media profile and biographical information private.
  • Remove personal details such as your real name, workplace, and relationship status. 
  • Remove geolocation from your photos.
  • Avoid mentioning your family members in public posts. 

Tip: By protecting your privacy on social media, you’re not only reducing the amount of information a doxer has to work with but also increasing your cybersecurity – and reducing the risk of cyber attacks. Hackers and cybercriminals use personal data on social media to guess login credentials (despite what many people still think, information like your spouse’s name is not a strong password) and bypass security questions. 

Whois is a simple service that lets you do a reverse lookup on a website’s URL or an IP address to find out the contact information of who owns it. Depending on the website registration type, it could include your full name, phone number, home address, and email address. 

Most domain registrars offer the ability to make your real identity private or obscured, sometimes for an additional fee. 

If you’re not sure about your domain, you can go to the Whois lookup tool and type in the URL. Ideally, you’ll see something along the lines of this screenshot (with “Registration Private” indicated).

Whois Registrant Contact information

Phishing

Another way doxxers can get your sensitive personal information – including your address, social security number, credit card number, and bank account information – is by social engineering, and more specifically, phishing. 

Phishing can happen in many ways, but the most common is when someone sends a “spoof” email or text from what looks like a legitimate business (such as Amazon, Microsoft, or Revolut). 

Here’s an example of a phishing text: 

Example of a phishing text that supposedly comes from Revolut

By clicking on a link within the scam email or text and then entering your personal information, you are handing it over to doxers.

In some cases, doxers may also trick you into clicking a link that leads to malware that can then steal your credentials to your email account, etc. For this reason, it’s a good idea to use a password manager and multi-factor authentication. 

IP doxxing 

The fear that someone might leak your IP address and then use that to dox you is a common one, especially in the gamer community. However, unless the doxer manages to successfully socially engineer your internet service provider (ISP) into giving up your personal information, they are unlikely to be able to do much harm to you. 

The reason why is that your IP address reveals only your general vicinity. It also changes all the time. 

That being said, if you’re still worried, you can always use a virtual private network or VPN (something that you should be doing anyway if you’re ever connecting to public Wi-Fi). 

Reduce Your Risk of Doxxing

Doxxing and the potential effects that come from getting doxxed – including swatting and death threats – can be terrifying, but fortunately, once you know how it works, you can take steps to reduce your risk. 

To learn more, read our guide on how to prevent doxxing.

SHARE THIS ARTICLE
Laura Martisiute is DeleteMe’s content marketing specialist. Her job is to help DeleteMe communicate vital privacy information to the people that need it. Since joining DeleteMe in 2020, Laura h…
Laura Martisiute is DeleteMe’s content marketing specialist. Her job is to help DeleteMe communicate vital privacy information to the people that need it. Since joining DeleteMe in 2020, Laura h…
Hundreds of companies collect and sell your private data online. DeleteMe removes it for you.

Our privacy advisors: 

  • Continuously find and remove your sensitive data online
  • Stop companies from selling your data – all year long
  • Have removed 35M+ records
    of personal data from the web
Special Offer

Save 10% on any individual and
family privacy plan
with code: BLOG10

Want more privacy
news?
Join Incognito, our monthly newsletter from DeleteMe that keeps you posted on all things privacy and security.

Don’t have the time?

DeleteMe is our premium privacy service that removes you from more than 750 data brokers like Whitepages, Spokeo, BeenVerified, plus many more.

Save 10% on DeleteMe when you use the code BLOG10.

Related Posts

Is Brave Browser Safe?

If you use or plan to use Brave browser, you need to know: Is Brave browser safe?  Below, we explain whether Brave browser is:  We also g…
Laura Martisiute
June 25, 2024

Is Tor Safe?

If you use or plan to use Tor, you need to know: Is Tor safe?  Below, we explain whether Tor is:  We also give some steps you can take to…
Laura Martisiute
June 25, 2024

Is Etsy Safe?

If you use or plan to use Etsy, you need to know: Is Etsy safe?  Below, we explain whether Etsy is:  We also give some steps you can take…
Laura Martisiute
June 25, 2024