Table of Contents
Doxxing (or doxing), short for "document tracing", is searching for and publicly disclosing private or personally identifiable information about an individual or organization on the internet, often with malicious intent. This may include details such as the person's home address, phone number, email address, employer and work details, family members' information, and more. Perpetrators may use various techniques to gather information, such as searching public records and data caches of stolen information shared on the dark web, exploiting security vulnerabilities, social engineering, or hacking into accounts.
Doxxing is typically done to intimidate, harass, or otherwise harming the target such as identity theft. It can have severe consequences for the victim, including privacy invasion, identity theft, cyberbullying, harassment, or even physical harm in some circumstances. Although doxxing is illegal in many jurisdictions and many online communities, platforms, and organizations have policies to combat it, it seems fair to say that those interested in doxxing someone will always find some form of online venue such as dark web chat forums to carry out their attacks.
Protecting personal information and practicing online safety are essential to avoid becoming a victim of doxxing. This is true not only for high-profile people such as political figures, government employees, and law enforcement but also for anyone wanting to maintain their security.
Who is Typically Targeted By Doxxing Attacks?
Anyone is potentially a target of doxxing should they cross paths with malicious individuals or groups who are motivated enough. While high-profile individuals are at increased risk of being targeted, doxxing attacks may happen without a clear motive, targeting even the average person.
High-profile examples include doxxing that occurred after the personal information of millions of users was exposed as a result of the infamous Ashley Madison breach. Data from the online dating website was compromised in 2015, including the names, email addresses, and in some cases, payment details of many prominent people which led to doxxing and public shaming. GamerGate was another highly controversial online movement that involved harassment and doxxing of individuals, particularly women in the video game industry and media. Game developer Zoe Quinn and media critic Anita Sarkeesian were among the targets. During the 2019 protests in Portland, Oregon, over racial injustice and police brutality, some individuals were doxxed, leading to offline harassment and threats and illustrating how doxxing has been used in the context of social and political movements.
Doxxing attacks may commonly target:
Public Figures: Public figures, including celebrities, politicians, activists, and public officials, are frequent targets of doxxing due to their high visibility and the potential for their personal information to be of interest to a larger audience.
Social Media Influencers: Individuals with a significant following on social media platforms may be targeted as their online presence makes them more accessible and, in some cases, controversial.
Journalists and Activists: Journalists and reporters who cover sensitive or controversial topics may become targets in an attempt to intimidate or discredit them. People who participate in online gaming or live-streaming often use pseudonyms, but their real identities may be sought out and exposed. Those who are involved in social justice movements, political activism, or advocacy work may be doxxed as a means to silence or intimidate them.
Members of Marginalized Communities: Individuals who belong to marginalized or vulnerable communities may be targeted with the intent to harass or harm them based on their race, ethnicity, gender, sexual orientation, or other characteristics.
Personal or Business Disputes: Doxxing can also occur in personal disputes, such as conflicts between individuals in online communities, former friends, or romantic partners. People associated with certain businesses or industries may become targets if their actions or affiliations are controversial.
Regular Internet Users: In some cases, doxxing may occur randomly or without a clear motive, targeting ordinary Internet users who happen to cross paths with malicious individuals or groups.
How Can Doxxing Be Prevented?
Preventing doxxing involves taking proactive steps to protect your personal information and minimize the risk of it being exposed. Here are some measures you can take to help prevent doxxing:
Configure Advanced Privacy Settings: Adjust the privacy settings on your social media accounts to limit who can view your information. Be cautious about accepting friend or connection requests from people you don't know personally.
Employ Strong Access Controls Use complex passwords for your online accounts, and consider using a password manager to keep track of them. Avoid using easily-guessable info like birthdays or common phrases. Whenever possible, enable 2FA on your online accounts. This adds an extra layer of security by requiring a second form of verification in addition to your password.
Be Wary of Phishing Attempts: Be cautious about clicking on links or downloading attachments from unknown sources, as these could be phishing attemps designed to steal your information. Learn about common social engineering tactics such as pretexting or baiting, which are often used to gather personal information. Be cautious about sharing information over the phone or in response to unsolicited emails.
Monitor Your Online Presence: Avoid sharing sensitive personal information such as your full name, home address, phone number, or financial details on public forums and social media platforms. Regularly search for your own name online to see what information is publicly available. If you find sensitive information, take steps to have it removed such as editing account information or using a data removal service like DeleteMe, Kanary and OneRep.
Use Secure Networks / VPN: Secure your home Wi-Fi network with a strong password to prevent unauthorized access to your internet connection and devices. Do not connect to public WiFi or make sure to secure your connection with a trusted VPN service if you must connect to public WiFi. A virtual private network (VPN) can further encrypt your internet connection and mask your IP address, which can help protect your online privacy.
Only Use Trusted Online Resources: Only share your financial information on secure, reputable websites. Look for "https" in the URL and check for security indicators like padlock icons. Do not share your personal information with an online service unless you trust it and do not download or install pirated software.
Report Suspicious Activity: If you suspect someone is attempting to dox you or engage in harassment, report the activity to the authorities or the relevant platform.
Build Doxxing Policies Into Your Platform: Companies who maintain online platforms can build doxxing into their terms-of-use and enforce any cases of doxxing that takes place on their site. Content moderation can be used to monitor for and remove malicious content and users.
Doxxing is the practice of uncovering and publicly revealing private or personally identifiable information (PII) about individuals or organizations online in order to intimidate, harass, or harm and can lead to severe consequences, including privacy invasion, identity theft, and cyberbullying. While it is illegal, perpetrators still find ways to carry out attacks. The most common targets of doxxing campaigns are public figures, social media influencers, journalists, activists, and people from marginalized communities but in fact, anyone may be targeted.
Preventing doxxing requires proactive measures, such as cautious online sharing, strong privacy settings, complex passwords, and vigilance against phishing. Regularly monitoring your online presence and using secure networks can also help safeguard personal information and prevent it from being accessible in the event you are targeted.
Ready to learn how to protect yourself and your organization from common threats like doxxing in 2023 and beyond? Contact our team today.
Download our Free Buyer's Guide
Whether you are looking to complete Penetration Testing to manage risk, protect your data, comply with regulatory compliance standards or as a requirement for cyber insurance, selecting the right company is crucial. Download our buyer’s guide to learn everything you need to know to successfully plan, scope and execute your penetration testing projects.