You’ve probably heard a celebrity or YouTuber complain about this before, but what’s doxxing really and how does it work? If you’re on social media or forums like Reddit, you’ve likely shared some opinions or gotten into a disagreement with someone in the past. It’s completely normal, but some unsavory people online choose to take that disagreement way too far. I’m not just talking about cyberbullying.
Despite celebrities taking the doxxing spotlight, it’s a prevalent problem for the average joe too. SafeHome revealed in a study that, by 2021, over 43 million Americans have been doxxed at least once in their life.
Read on to find out more about doxxing and how not to get doxxed in the future. You’ll also learn a couple of tips on how to protect yourself if you get doxxed.
What is Doxxing?
Doxxing is one of the oldest forms of online harassment and started in the early 90s when people used various techniques to discover other people’s personal information. The name comes from dropping documents which evolved to dropping dox and eventually doxxing over time. Doxxing attacks can be mild, like signing you up for spam, or more malicious, like contacting your employer and getting you fired.
Doxxers can gather information about you from various sources on the web, using the breadcrumbs you leave behind. Like Hansel and Gretel, everything you do on the web leaves a trail–a little informational breadcrumb–about you. They can follow those crumbs to discover your real name, home address, social security number, mobile number, and even your credit card details.
It isn’t just a tool that faraway cybercriminals use, though. The people around you may be looking for your personal information right now. These days, even teens and college students take part in doxxing the people they know.
Why Would Someone Doxx You?
Even if you’re not a celebrity or some public figure, people may want to hurt you for various reasons. If you said or did something they didn’t agree with or if you work for a company they don’t like, you can be doxxed. That can lead to various people harassing you and can even cost you your job in some cases. Activists, journalists, and people who take part in rallies or protests get doxxed regularly.
People also doxx others because they’re inherently malicious. In 2018, online gamer Andrea Rovenski’s mother suffered a stroke after they got swatted “as a prank”. Swatting involves someone calling the police and reporting your address with a fake threat.
Sometimes, people have no malicious intent towards you, specifically. For example, in the 2021 Twitch hack, streamers’ incomes were posted online and became a big topic of public scrutiny but the cybercriminals didn’t do it to target them. They had released all the company’s data in a bid to hurt the company for their own reasons, and the streamers’ personal information was just part of it. That said, those streamers didn’t appreciate they had been doxxed all the same.
8 Ways You Can Be Doxxed
Some breadcrumbs are larger than others. Remember cookies? The websites you visit collect information about you, and you can’t do much about that. Luckily, these tend to be small crumbs, unless you sign up for a newsletter or create an account.
You can leave much bigger clues when you share your life’s details in online posts. Social media is a huge culprit in this area and has made doxxers’ lives so much easier. Let’s take a look at some of the ways people can find information about you online.
1. Stolen Data/Cyber Breaches
Cybercriminals regularly hack into companies’ server networks and sell the data they collect to bidders on the dark web. Sometimes, they post this data anonymously for everyone to see without payment.
2. Posts on Forums and Online Chats
People tend to give out information more freely when they post with anonymous usernames on forums like Quora and Reddit. They don’t realize anyone can piece these bits of information together to discover their true identity. Especially if they use the same username across multiple accounts.
3. Social Media
You share a massive amount of detail about your life on social media, even if you don’t realize it. Everything from your photos, check-ins, tags, comments, and likes can give away information about you. People can also screenshot and share that information on other websites.
4. Your ISP/IP Address
Your IP address is linked to your general physical location and your ISP. Along with other information, cybercriminals can use it to find you in real life. They can also contact your ISP with a tech support scam and request more information about you. That requires a gullible ISP employee, but it has happened before.
5. Data Brokers
Data brokers gather information about you from other websites, social media, and public records. That includes things like your online purchases, government records like your marriage license, and your browser search history. They usually sell these to advertisers and companies, but they also have no problem selling them to anonymous buyers.
6. Data Aggregators
Similar to data brokers, data aggregators collect information like your email address, mobile number, job history (via LinkedIn), and social media handles and list them online. Many hide most of this information behind a paywall, but some easily discoverable websites provide it for free.
7. Phishing Scams
Phishing scams vary in type and platform, but all of them intend to get either personal information or money out of you. Doxxers can easily find your email address and send you phishing scams to gather more information about you, as people’s email addresses are generally more simple to find/guess.
8. Packet Sniffing
Simply put, data travels across the internet in tiny packets that are transported from one point (device) to another (server) and back. Cybercriminals can sniff out these packets using techniques like a man-in-the-middle attack to intercept and see your data. That lets them gather your active browsing history and any personal information you send over the web, like your login details.
Some people say they don’t care if their name or home address is public knowledge. The internet never forgets though. Once your information has been exposed, it’s nearly impossible to get it off the web. People can also do whatever they want with that information, like impersonate you, target you, or stalk you. If you want to know how to avoid getting doxxed, read the few tips below. Keep in mind, it can still happen, even if you’re careful, but you can avoid being an easy target.
What to Do if You’ve Been Doxxed?
Discovering your personal information plastered all over the web can be a nasty shock. Don’t panic and remember that this will blow over. That said, you should do some things right away:
-
- ✔️Contact the support team of the website where your information was posted. That way, they can remove the information and possibly take further action against the poster.
- ✔️Document and screenshot every part of the attack, including any additional harassment you receive because of it. Do a thorough online search to find any websites that have copied and posted your information.
- ✔️Report the incident to your local police and, hopefully, they’ll take the issue to the correct authorities. Most countries don’t currently have a specific department with official jurisdiction over doxxing attacks.
- ✔️Reach out to your bank right away if your financial information has been compromised.
- ✔️Change your account passwords and privacy settings on social media. Make sure to also delete any old posts or accounts that give away too much information about you.
- ✔️Get in touch with trusted friends and family for emotional support. You may have a hard time ahead of you and you don’t have to go through it alone.
- ✔️Set up a Google Alert so you can be notified if your information is posted anywhere else. (optional)
- ✔️Think about changing your phone number, getting a new email address, and changing your usernames if things get bad enough.
Is Doxxing Illegal?
For now, doxxing isn’t illegal in most places, depending on the type of information you publish. It’s not illegal to publish information that’s part of public records like someone’s name, marital status, and birth certificate, even without their consent. It’s illegal when someone publishes things like your bank account details, social security number, and home address. This is usually handled on a case-by-case basis though.
While doxxing may not be inherently illegal, people can be charged for related activities such as stalking, threats, and harassment. States like California, Oregon, and Kentucky in the US and countries like Hong Kong and South Korea passed specific laws against doxxing in recent years.
Doxxing is still a tricky subject in the legal sphere because it’s sometimes similar to vigilante justice. Lawmakers also tend to fall behind when it comes to technological advancements and take a long time to catch up.
If you want to file a civil lawsuit for doxxing, you’ll normally need:
-
-
-
-
- Proof that you were harmed or impacted in some way.
- Proof of the doxxer’s identity.
-
-
-
The second requirement makes it extremely hard to file a lawsuit against someone for doxxing as they often use tools like Tor and anonymous usernames to hide their identities. You need to rely more on preventative measures to avoid being doxxed since taking action is nearly impossible after the fact. Here are 9 tips below on how to protect yourself from doxxing.
9 Ways to Prevent Doxxing
You’ve probably typed your name into a search engine before to see what results come up. Do you think the things people see when they search your name can be used against you? You’d probably be surprised by how much information you’ve given away already and how this can be used to find out even more about you.
If you want to learn how to avoid getting doxxed, you should be cautious about sharing too much of yourself with the internet. Here are 9 ways you can be more cautious on the web:
“Doxxing is a lowball practice and should be legally charged as any other crime. We all wish the internet was a safe place; however, it’s not, and you should be especially cautious of everyone.”–Ada Ivan, Malware Analyst, CyberGhost VPN
1. Don’t Overshare
It’s easy to think of sharing every detail of your life online as harmless. Who would really care where you ate today or who your family members are? When you think about it, though, even those little bits of information can help creeps figure out where you live and who you care about. Once those breadcrumbs are online, you might as well assume they’re there forever.
Here are the top 3 riskiest things you shouldn’t do on social media:
- Tag locations or use geographical hashtags because they give away your location.
- List your family members, because they may share personal information others can use to find you. Remove them or change your view settings to “Friends Only”.
- Post personal details like who you bank with, what insurance company you use, or any personal digits like your mobile number or social security number.
Consider deleting social accounts you don’t use, or all of them, if everything you’ve read here has scared you off social media. Our guides can help you through the process:
2. Review Your Privacy Settings & Profiles
Use all of the privacy settings available on your social accounts to restrict how much information they share publicly. Platforms like Facebook, Twitter, Instagram, and Tik Tok have various privacy settings that give you the power to choose who sees your posts.
Some of them also let you see what other people can see when they look at your profiles and posts. For example, if you go on your Facebook profile, click on the ellipsis (3 dots), and select View As, then you’ll see your public profile.
Go through your profiles on all your online accounts, including non-social ones, and check what personal information they have. Change your profiles so they only show the necessary information. A photo editing app, for example, doesn’t have to know your full name, address, and contact details.
3. Don’t Recycle Your Passwords
The major problem with reusing passwords, in terms of doxxing, is if one account is hacked, people can get into your other accounts too. Those accounts may reveal more personal information than you’re comfortable sharing and can lead to some nasty surprises. Always generate complex passwords that include letters, numbers, and symbols. The longer, the better, because you wouldn’t want your doxxer quickly guessing or brute-forcing your passwords. It wouldn’t even be that complicated:
Password length | Time it takes to crack it |
9-characters long | Up to 5 days |
10-characters long | Up to 4 months |
11-characters long | Up to 10 years |
12-characters long | Up to 200 years |
You’ve probably heard this over and over by now, but it’s such a crucial piece of advice: you need to use strong and unique passwords for each account to protect your digital privacy. Change them regularly, pair them with a reliable password manager, and you’re good to go. If you need help creating strong passwords, check out our 5 tips for creating a secure password.
4. Protect Your Privacy with a VPN
A VPN makes it impossible for someone to use your IP address to find you, which greatly reduces your chances of becoming a doxxing victim.
A VPN encrypts your connection and sends it through a secure server before you connect to the public internet. This replaces your real IP address with one that a lot of other people share, so doxxers can’t track your physical location or your online activities.
When you sign up for a CyberGhost VPN subscription, you can protect 7 devices simultaneously with our state-of-the-art 256-bit AES encryption. We also provide access to 116 server locations throughout 91 countries, and superior privacy with our bulletproof No Logs policy.
You get even more benefits with a CyberGhost VPN account:
-
-
-
-
- Ample 45-day money-back guarantee
- User-friendly apps for all your devices (including Android, iOS, Windows, macOS, and Linux).
- Ultra-fast speeds with streaming-optimized VPN servers
- Dedicated 24/7 Customer Support team
- Full protection against ISP snooping
- Better online privacy
- Incredible extras like a privacy browser and security suite
-
-
-
5. Use Different Anonymous Usernames
When you use the same username for every account, people can easily link those accounts together to identify you. For example, if you post your job history in one forum and share the name of your city in another, people can piece those details together. Try to use a different username for every account, like your passwords. It’s better if they aren’t similar either.
6. Avoid Third-Party Login & Enable Multi-Factor Authentication
Try to fight the convenience of registering for new websites using buttons like “Login with Facebook” or “Login with Google”. Third-party login means you have one less set of credentials to remember, but the drop in security might not be worth it. It directly links those accounts, so if one is compromised, it’s extremely easy to get into the others.
Enable multi-factor authentication for every account as well. Multi-factor authentication sends a pin to another account or device when you (or someone else) log into an account. This prevents someone from gaining direct access to an account, even if they get hold of your password. Try to link it to your mobile number rather than your email address, in case your email account is ever hacked.
7. Request Removal of Your Personal Data
Data brokers don’t legally own your information and you can contact them to remove the data they have. You’ll have to contact each individually and they’ll probably drag the process out in hopes you give up. That’s frustrating, but you have the right to demand they delete your information.
Unfortunately, it’s extremely hard to find every data broker that has your information. Some countries have national opt-out databases where you can request the removal of specific information, like your mobile number, from companies’ databases.
8. Use an Antivirus
A good antivirus provides another layer of protection on your devices and keeps outsiders from snooping around. Cybercriminals, including doxxers, use viruses and other malicious programs to get into your files and online accounts. An antivirus is a must to stay safe since it doesn’t just scan and block online attacks, but also detects suspicious behavior. If you sign up for a CyberGhost VPN account, you automatically get access to our Security Suite for Windows. It’s an all-in-one antivirus and anti-malware app with a secure software updater, privacy guard, and VPN.
9. Avoid Other Digital Threats
The internet isn’t called the web for no reason–everything is connected. That includes security threats. Someone can use phishing to catch you unawares and suddenly they hack your email account. Next, you find out someone’s changed your social account passwords, and then all of your data is shared online. You’ve been doxxed because you fell victim to a phishing attack. That’s why you need to stay vigilant and do what you can to avoid cybersecurity threats.
Don’t Give Doxxers Power Over You
Seeing people post personal details about your life online is stressful and can leave you feeling powerless. Doxxers may be able to find out many details about your life thanks to the breadcrumbs you leave behind. Breadcrumbs are little pieces of information, like your occupation on LinkedIn and your Friends list on Facebook, that doxxers can piece together. They can use that information to harass you, stalk you, impersonate you, and even make you lose your job.
It should be illegal, but unfortunately, you won’t have much legal help most of the time. All you can do is make sure you don’t overshare online and to use security tools like CyberGhost VPN to protect yourself preemptively.
“You also have the power, at least to a degree, to control what personal data websites can gather and display to the public. As long as you’re mindful about how you gather your data and use it online, you can avoid being doxxed.
FAQ
Doxxing is when someone finds your personal information and then releases that information publicly on the web. Cybercriminals doxx people for various reasons. This may happen because you argued with them, they don’t like you, they feel slighted, or as a prank.
Doxxers get your information from various places on the web, jump to the section about how you can be doxxed to find out more. You can also sign up for CyberGhost VPN to hide your IP address and protect yourself against IP address-based doxxing attacks like swatting.
People who reveal a lot of personal information about themselves online are easier to doxx. Social media has made doxxing easier because people’s profiles tend to contain information like their name, photo, job, and where they live.
CyberGhost VPN makes it hard for doxxers to get information like your IP address, which reveals your general location and can be used to find you. Our 45-day money-back guarantee gives you time to explore all our security features.
You can’t entirely avoid getting doxxed ever, but you can limit the number of information doxxers can find to protect yourself from doxxing. Check out the how to prevent doxxing section for more information. One of the best things to do is get a VPN to secure your online connection. You can get more peace of mind and online privacy with CyberGhost VPN’s impenetrable 256-AES encryption.
A VPN encrypts your connection and routes it through protected servers to prevent doxxers from discovering your IP address. It hides your IP and you get the server’s IP which many other people share, making you disappear like a drop in the ocean. You’ll still have to be careful with what personal information you share online.
Reach out to the CyberGhost VPN Customer Support team for more information, they’re available 24/7 to answer your questions.
When someone doxxes you, they reveal any personal information that you didn’t consent to being exposed publicly, including:
– Revealing your full name, physical address, place of work, or family members
– Releasing your personal photos, videos, or recordings
– Posting your social security number, mobile number, email address, or other personal documents
– Exposing your income, tax records, or other financial information
Download the CyberGhost VPN app for Android, iOS, Windows, macOS, and Linux to hide your IP address and protect all your devices.
Leave a comment
SomeRandomDudeOnline
Posted on 16/05/2021 at 18:22
hi,
sorry if my question sounds a bit dumb. But I’m genuinely curious. Let’s suppose someone decided to dox me and succeeded in finding my name, age, nationality, address, working place, all the good stuff. What can they do with it? I understand that bank info is very dangerous since they could just empty your account, but other than that…?
Thank you in advance for your explanation.
Dana Vioreanu
Posted on 17/05/2021 at 09:03
Hi there,
Well, we gave a few examples in the article on how far doxxing can go. If someone knows all these details, they could steal your identity and use it in exchange to acquiring benefits such as a loan, insurance, etc. They could stalk or harass you or your friends and family, they could play all sorts of pranks (and not the innocent kind). It could even lead to someone being killed by accident.
Hope this answers your question.
Dustin Wood
Posted on 25/03/2021 at 21:40
I was recently doxxed, and I’m being harassed with random calls daily, my fiancee recently received a text message from a random number with my picture phone # and a banner that said that I betrayed. And a VM that said the same thing how do we get the hackers to loose our trail.
Dana Vioreanu
Posted on 26/03/2021 at 08:50
Hi Dustin,
Really sorry you’re going through this ugly situation. You can report this to the local police department. As doxxers seem to have your phone numbers, it would be a little difficult to have them lose your trail, unless you change the numbers. Try to figure out yourself (or ask the police for help) who could this person be or from where they could have found your phone number. Try to remember if you shared your phone number with a new service or company lately. Last but not least, increase your general privacy settings. So, try to keep all your accounts and platforms as private as possible.
Best of luck!