Guide: What Is Doxxing and How to Protect Yourself Online

Doxxing happens when someone shares your private information online without your consent. It’s an invasive and sometimes dangerous act that can lead to harassment or worse. While stories of celebrities and influencers being doxxed often make headlines, this isn’t just their problem. Everyday people can be targeted too. In fact, over 11 million Americans were doxxed in 2024 alone, according to a SafeHome study.

If you’ve ever posted on social media or joined forums like Reddit, you’ve likely shared bits of personal information without thinking twice. Unfortunately, some people misuse those details to cause harm. But don’t worry—there are practical steps you can take to protect yourself.

In this guide, we’ll break down what doxxing is, how it happens, and what you can do to avoid it. Whether you want to keep your information safe or simply understand how doxxing works, you’ll find everything you need here.

CyberGhost VPN adds a layer of privacy to your connection that helps prevent doxxing by masking your IP address (your general location) and encrypting your online activity. With CyberGhost VPN, you can browse safely without leaving your personal information vulnerable to threats and outsiders. Using the VPN is as simple as downloading the app, signing in, and connecting to one of our high-speed servers in the location of your choice.

What Is Doxxing and Why Is It Dangerous?

Doxxing, also spelled “doxing”, is one of the oldest and most invasive forms of online harassment. This practice involves exposing someone’s private information without their consent. 

It started in the early 90s when people used various techniques to discover other people’s personal information. The name comes from the term “dropping documents,” which evolved into “dropping dox” and eventually “doxxing” over time. Doxxing attacks can be mild, like finding your email address and signing you up for spam, or more malicious, like posting your details online and telling people to contact your employer to get you fired. It can even involve people opening accounts in your name or making fraudulent purchases under your identity. 

The danger of doxxing lies in the type of information that’s made public. Doxxers can gather information about you from various sources on the web, using the breadcrumbs you leave behind. Like Hansel and Gretel, everything you do on the web leaves a trail – a little informational breadcrumb – about you. They can follow those crumbs to discover your real name, home address, social security number, employment records, mobile number, private photos and videos, and even credit card details.

It isn’t just some tool that faraway cybercriminals use, though. What began as a way to expose trolls has morphed into a tactic for silencing others, intensifying online harassment, and escalating real-world conflicts. While some countries have criminalized doxxing, enforcement remains a challenge due to online anonymity and jurisdictional limitations.

How Do You Get Doxxed?

Even if you’re not a celebrity or some public figure, people may want to hurt you for various reasons. Here’s a closer look at some of the more common reasons behind why people get doxxed:

    • Online Disputes: Doxxing can be weaponized in online arguments or feuds. Someone who feels slighted or wronged may dox the other person as a form of “payback.”
    • Personal Grudges: It can also be motivated by personal history. An ex-partner, former friend, or anyone with a grudge might resort to doxxing as retaliation against you.
    • Suppression of Speech: For individuals with controversial views or those who speak out on sensitive topics, doxxing can be a tactic used to discourage them from sharing their opinions. The threat of harassment or job loss after being doxxed can have a chilling effect on free expression.
    • Cyberbullying: Doxxing often overlaps with cyberbullying as it can also intimidate, shame, and emotionally distress the victim. By releasing your personal details, doxxers turn your private life into a public spectacle, hoping to humiliate you.
    • Hacktivism: Hacktivists sometimes use doxxing to expose individuals or organizations they believe are unethical. This often targets people associated with hate groups, corruption, or controversial activity. Remember when news broke about the dentist who hunted Cecil the Lion? He sparked public outrage and got doxxed as part of the backlash from people who wanted him held accountable. Someone released his identity to the public, leading to death threats and review bombs against his practice.
    • Extremism: Extremist groups may dox journalists, activists, or members of particular communities to instill fear or silence opposition.
    • Extortion: In some cases, doxxers may threaten to release sensitive information unless the victim pays a ransom. This tactic combines doxxing with extortion for financial gain.
    • Identity Theft: Personal information exposed through doxxing can be exploited for identity theft and financial fraud. Access to details like social security numbers, bank accounts, or credit card information can result in unauthorized transactions or loans in the victim’s name.

Doxxing incidents aren’t just pranks. They can cause life-threatening situations. In 2018, online gamer Andrea Rovenski’s mother suffered a stroke after being doxxed and then swatted “as a prank.” Swatting involves someone calling the police and reporting your address with a fake threat. 

Not every doxxing incident targets someone maliciously, though. For example, in the 2021 Twitch hack, streamers’ incomes were posted online and became a big topic of public scrutiny but the hackers involved didn’t do it to target them. They had released all the company’s data in a bid to hurt the company for their own reasons, and the streamers’ personal information was just part of it. That said, those streamers naturally didn’t appreciate being doxxed all the same.

12 Ways People Can Find Your Personal Information Online

Some online breadcrumbs are larger than others. Remember cookies? The websites you visit collect information about you, and you can’t do much about that. Luckily, these tend to be small crumbs, unless you sign up for a newsletter or create an account.

You can leave much bigger clues when you share your life’s details in online posts. Social media is a huge culprit in this area and has made doxxers’ lives so much easier. Let’s take a look at some of the ways people can find information about you online.

1. Stolen Data/Cyber Breaches

Cybercriminals regularly hack into companies’ server networks and sell the data they collect to bidders on the dark web. Sometimes, they even post this data anonymously for everyone to see without payment.

2. Posts on Forums and Online Chats

It’s easier to give out personal information more freely when you post with anonymous usernames on forums like Quora and Reddit. You may not realize that anyone can piece these bits of information together to discover your true identity. Especially if you use the same username across multiple accounts.

3. Social Media Stalking

You share a massive amount of detail about your life on social media, even if you don’t realize it. Everything from your photos, check-ins, daily routines, travel plans, tags, comments, and likes can give away information about you. People can also screenshot and share that information on other websites. Doxxers can mine this information or even create fake profiles to infiltrate your online circle and gather more intimate data including information about your family and friends.

4. Your ISP/IP Address

Every online device has a unique IP address that can reveal details about your approximate location and browsing habits. Along with other information, cybercriminals can use it to find you in real life. They can also contact your ISP with a tech support scam and request more information about you. That requires a gullible ISP employee, but it has happened before. 

5. Data Brokers

Data brokers gather information about you from other websites, social media, and public records. That includes things like your online purchases, government records like your marriage license, and your browser search history. They usually sell these to advertisers and companies, but they also have no problem selling that information to anonymous buyers.

6. Data Aggregators

Similar to data brokers, data aggregators collect information like your email address, mobile number, job history (via sites like LinkedIn), and social media handles and list them online. Many hide most of this information behind a paywall, but some easily discoverable websites provide it for free.

7. Phishing Scams

Phishing scams vary in type and platform, but all of them intend to get either personal information or money out of you. Doxxers can easily find your email address and send you phishing scams to gather more information about you, as people’s email addresses are generally more simple to find/guess. A cleverly crafted email could prompt you to enter your login credentials or share sensitive details, which the doxxer then captures.

8. Packet Sniffing

Simply put, data travels across the internet in tiny packets that are transported from one point (device) to another (server) and back. Cybercriminals can sniff out these packets using techniques like a Man-in-the-Middle attack to intercept and see your data. That lets them gather your active browsing history and any personal information you send over the web, like your login details. Public Wi-Fi networks are highly vulnerable to these kinds of attacks, also known as packet sniffing.

9. Public WHOIS Records

When you register a domain, your contact information – name, address, email, and phone number – often ends up in the public WHOIS database. While intended for transparency, this database can be a goldmine for doxxers seeking personal information.

10. Government Records

Public databases often house government records, including property deeds, court proceedings, and voter registrations. These records are often easily accessible and provide a lot of personal information, which doxxers can use to build a profile.

11. File Metadata

Digital files, including documents and photos, carry metadata that can disclose a surprising amount of information. For example, a Word document may reveal who created and edited it and even the company – which may be your employer – associated with it. Photos contain EXIF data, which might include location details if GPS was enabled when the photo was taken.

12. Reverse Lookups

Online tools or so-called people finders can reveal personal details from limited information. These tools take a small piece of information, like a phone number or email address, and use it to find other connected pieces: your name, address, social media profiles, and more. While many use these tools for legitimate purposes, doxxers exploit them to dig up sensitive information.

Some people say they don’t care if their name or home address is public knowledge. The internet never forgets, though. Once your information has been exposed, scrubbing it off the web is nearly impossible. People can also do whatever they want with that information, like impersonate you, target you, or stalk you. If you want to know what to do if you were doxxed, read the quick tips below.

What to Do if You’ve Been Doxxed

Discovering your personal information plastered all over the web can be a nasty shock. Try to avoid panicking (easier said than done!), and remember that this will blow over. That said, you should do some things right away:

    • ✅  Contact the support team of the website where your information was posted. That way, they can remove the information and possibly take further action against the poster.
    • ✅  Document and screenshot every part of the attack, including any additional harassment you receive because of it. Do a thorough online search to find any websites that have copied and posted your information. You can also send them requests to remove it as soon as possible.
    • ✅  Change your account passwords and privacy settings on social media. Make sure to also delete any old posts or accounts that give away too much information about you.
    • ✅  Report the incident to your local police and, hopefully, they’ll take the issue to the correct authorities. Most countries don’t currently have a specific department with official jurisdiction over doxxing attacks.
    • ✅  Reach out to your bank right away if your financial information has been compromised and follow their instructions.
    • ✅  If your work information was exposed or you’re facing harassment that could affect your job, inform your employer about the situation.
    • ✅  Consult with a content removal attorney who specializes in online harassment. They can guide you through potential legal actions, including cease and desist letters or other remedies.
    • ✅  Get in touch with trusted friends and family for emotional support. You may have a hard time ahead of you, and you don’t have to go through it alone.
    • ✅  Set up a Google Alert so you can be notified if your information is posted anywhere else. 
    • ✅  Think about changing your phone number, getting a new email address, and changing your usernames if necessary.

Is Doxxing Illegal?

The legality of doxxing varies widely depending on where you live and the type of information exposed. It’s typically not illegal to publish information that’s part of public records like someone’s name, marital status, and birth date, even without their consent. It’s illegal when someone publishes things like your bank account details, social security number, and home address. This is usually handled on a case-by-case basis though.

While doxxing may not be inherently illegal, people can be charged for related activities such as stalking, threats, and harassment especially if it intentionally causes damage or places someone in danger. States like Illinois, California, Oregon, and Kentucky in the US and countries like Hong Kong and South Korea have passed specific laws against doxxing in recent years. 

Beyond legal repercussions, doxxing also violates the terms of service on many platforms, including social media sites like X, which bans users who post others’ private information without consent. Doxxing is still a tricky subject in the legal sphere because it’s sometimes done as a form of vigilante justice. Lawmakers also tend to fall behind when it comes to technological advancements and take a long time to catch up.

If you want to file a civil lawsuit for doxxing, you’ll normally need:

    • Proof of harm or impact: Showing that you were affected in a significant way.
    • Proof of the doxxer’s identity: A challenging requirement, as many doxxers use anonymous accounts or tools like Tor to conceal their identities.

It’s much easier to rely on preventative measures to avoid being doxxed since taking action after the fact is nearly impossible.

How to Protect Yourself from Doxxing: 11 Essential Tips

If you want to learn how to avoid being doxxed, you should be cautious about sharing too much of yourself with the internet. Here are 11 ways you can be more cautious with your data on the web:

“Doxxing is a lowball practice and should be legally charged as any other crime. We all wish the internet was a safe place; however, it’s not, and you should be cautious of everyone.” – Ada Ivan, Malware Analyst, CyberGhost VPN

1. Don’t Overshare on Social Media

It’s easy to think of sharing every detail of your life online as harmless. Who would really care where you ate today or who your family members are? When you think about it, though, even those little bits of information can help creeps figure out where you live and who you care about. Also, once those breadcrumbs are online, you might as well assume they’re there forever.

Here are the top 3 riskiest things you shouldn’t do on social media:

  1. Tag locations or use geographical hashtags because they give away your location.
  2. List your family members because they may share personal information others can use to find you. Remove them or change your view settings to “Friends Only”.
  3. Post personal details like who you bank with, what insurance company you use, or any personal digits like your mobile number or social security number.

Consider deleting social accounts you don’t use – or all of them, if everything you’ve read here has turned you off social media entirely. Our guides can help you through the process:

2. Review Your Privacy Settings & Profiles

Use all the privacy settings available on your social accounts to restrict how much information they share publicly. Platforms like Facebook, Twitter, Instagram, and TikTok have various privacy settings that give you the power to choose who sees your posts and other information.

Some of them also let you see what other people can see when they look at your profiles and posts. For example, if you go on your Facebook profile, click on the ellipsis (3 dots), and select View As, you’ll see your public profile.

Go through your profiles on all your online accounts, including non-social ones, and check what personal information they have. Change your profiles so they only show the necessary information. A photo editing app, for example, doesn’t have to know your full name, address, and contact details.

3. Don’t Recycle Your Passwords

The major problem with reusing passwords, in terms of doxxing, is if one account is hacked, people can get into your other accounts too. Those accounts may reveal more personal information than you’re comfortable sharing and can lead to some nasty surprises. Always generate complex passwords that include letters, numbers, and symbols. The longer, the better, because you wouldn’t want your doxxer quickly guessing or brute-forcing your passwords.

You’ve probably heard this over and over by now, but it’s such a crucial piece of advice: using strong and unique passwords for each account is crucial to protect your digital privacy. Change them when needed (such as after a data breach), pair them with a reliable password manager, and you’re good to go. If you need help creating strong passwords, check out our 5 tips for creating a secure password.

4. Use Different Anonymous Usernames

When you use the same username for every account, people can easily link those accounts together to identify you. For example, if you post your job history in one forum and share the name of your city in another, people can piece those details together. Try to use a different username for every account, just like your passwords. It’s better if they aren’t similar either. By mixing it up, you make it harder for anyone trying to link your online activity back to you.

5. Avoid Third-Party Login 

Try to fight the convenience of registering for new websites using buttons like “Login with Facebook” or “Login with Google”. Third-party login means you have one less set of credentials to remember, but the drop in security might not be worth it. It directly links those accounts, so if one is compromised, it’s extremely easy to get into the others.

6. Enable Multi-Factor Authentication

Enable multi-factor authentication for every account as well. Multi-factor authentication sends a PIN code to another account or device when you (or someone else) log into an account. This prevents someone from gaining direct access to your accounts, even if they get hold of one of your passwords. Try to link it to your mobile number rather than your email address, in case your email account is ever hacked.

7. Request Removal of Your Personal Data

Data brokers collect people’s personal information from various sources and then sell that data to anyone willing to pay for it. That said, they don’t legally own your information and you can contact them to remove the data they have. You’ll have to contact each individually and they’ll probably drag the process out in hopes you give up. That’s frustrating, but you can demand that they delete your information.

Unfortunately, finding every data broker with your information is extremely hard. Some countries have national opt-out databases where you can request the removal of specific information, like your mobile number, from companies’ databases. Another option is to use a third-party service to handle this process on your behalf – but stick to vetted services with good reviews.

8. Use an Antivirus

A good antivirus provides another layer of protection on your devices and keeps outsiders from snooping around. Cybercriminals, including doxxers, use viruses and other malicious programs to get into your files and online accounts. An antivirus is crucial for staying safe from cyber attacks that could lead to doxxers getting your information since it detects and blocks suspicious behavior and files on your device.

9. Avoid Online Quizzes

Many online quizzes ask seemingly random questions that actually correspond to common security questions. For example, “What’s your favorite pet’s name?” may reveal an answer that could be used to access your accounts. Avoid providing personal details, like your name or email when taking these quizzes to keep your data safe. Even better, try to avoid filling out any online quizzes period.

10. Avoid Scams and Other Digital Threats

The internet isn’t called the web for no reason – everything is connected. That includes security threats. Someone can use a phishing email to catch you unawares and next thing you know, your email account is compromised. Then you find out someone’s changed your social account passwords, and next, all of your private information is shared online. You’ve been doxxed simply because you fell victim to a phishing attack. That’s why it’s important to stay vigilant and do what you can to avoid cybersecurity threats.

11. Protect Your Privacy with a VPN

A VPN makes it impossible for someone to use your IP address to find you, which greatly reduces your chances of becoming a doxxing victim. VPNs encrypt your connection and send your data through a secure tunnel to a VPN server before you connect to the public internet. This replaces your real IP address with one that a lot of other people share, so doxxers can’t track your physical location or online activity right back to you.

When you sign up for a CyberGhost VPN subscription, you can protect 7 devices simultaneously with our state-of-the-art encryption. Our strict no-logs policy and secure RAM-only servers help protect your online privacy, reducing your risk of getting doxxed.

FAQ

What is doxxing?

Doxxing is when someone publicly shares your private information online without your consent. This can include details like your name, address, phone number, or other personal data. It’s often done to harass or intimidate someone and can lead to serious privacy and safety concerns.

Is doxxing a crime in the US?

While there’s no federal law explicitly criminalizing doxxing in the US, it can fall under harassment, stalking, or cyberstalking statutes, especially if it involves intent to harm, intimidate, or harass. For instance, if someone shares your personal information and that leads to threats or harassment, the doxxer can face charges under federal harassment laws.

Is it easy to get doxxed?

Yes, it can be easy to get doxxed if you share too much personal information online. Social media profiles, forums, and even public records can provide doxxers with the details they need. Using the same username across platforms or not securing your accounts with strong passwords also makes it easier for someone to piece together your information. CyberGhost VPN makes it hard for doxxers to get information like your IP address, which reveals your general location and can be used to find you. Our 45-day money-back guarantee gives you time to explore all our security features.

Can you avoid getting doxxed?

You can’t completely guarantee you won’t get doxxed, but you can significantly reduce the risk. Avoid sharing too much personal information online, like your address, phone number, or workplace. Use strong, unique passwords and avoid using the same username across platforms. Enable privacy settings on social media and avoid interacting with suspicious links or quizzes. Tools like a VPN can also help by masking your IP address and keeping your online activity private. Being cautious and proactive is the best way to protect yourself.

Can a VPN protect you from doxxing?

Yes, a VPN can help protect you from doxxing by hiding your IP address, which prevents others from using it to track your location or identity. A VPN encrypts your online activity and routes it through secure servers, making it harder for anyone to intercept your data or piece together personal details. While a VPN enhances your privacy, it’s not a complete solution. You still need to be mindful of what information you share online to fully protect yourself.

What are some examples of doxxing?

When someone doxxes you, they reveal personal information that you didn’t consent to being exposed publicly, including your:

    • Full name, physical address, place of work, or family members
    • Private photos, videos, or recordings
    • Social security number, mobile number, email address, or other personal documents
    • Income, tax records, or other financial information

CyberGhost VPN helps to protect you against doxxing by masking your IP address (which represents your general location) and encrypting your data to secure your online activity, making it harder for attackers to access and expose your personal information.

Leave a comment

SomeRandomDudeOnline

Posted on 16/05/2021 at 18:22

hi,
sorry if my question sounds a bit dumb. But I’m genuinely curious. Let’s suppose someone decided to dox me and succeeded in finding my name, age, nationality, address, working place, all the good stuff. What can they do with it? I understand that bank info is very dangerous since they could just empty your account, but other than that…?
Thank you in advance for your explanation.

Reply

Hi there,

Well, we gave a few examples in the article on how far doxxing can go. If someone knows all these details, they could steal your identity and use it in exchange to acquiring benefits such as a loan, insurance, etc. They could stalk or harass you or your friends and family, they could play all sorts of pranks (and not the innocent kind). It could even lead to someone being killed by accident.

Hope this answers your question.

I was recently doxxed, and I’m being harassed with random calls daily, my fiancee recently received a text message from a random number with my picture phone # and a banner that said that I betrayed. And a VM that said the same thing how do we get the hackers to loose our trail.

Reply

Hi Dustin,

Really sorry you’re going through this ugly situation. You can report this to the local police department. As doxxers seem to have your phone numbers, it would be a little difficult to have them lose your trail, unless you change the numbers. Try to figure out yourself (or ask the police for help) who could this person be or from where they could have found your phone number. Try to remember if you shared your phone number with a new service or company lately. Last but not least, increase your general privacy settings. So, try to keep all your accounts and platforms as private as possible.
Best of luck!

Write a comment

Your email address will not be published. Required fields are marked*