What Is Doxxing? How It Works and How To Prevent It

Doxxing is when someone exposes your personal information online, usually as a way to intimidate you. Learn more about what you can do to prevent doxxing and report it.
We receive compensation from the products and services mentioned in this story, but the opinions are the author's own. Compensation may impact where offers appear. We have not included all available products or offers. Learn more about how we make money and our editorial policies.

Even if you are careful about what you share online, your private information can often be found on other websites or learned by a hacker with a socially engineered phishing email. Doxxers take this personal data and share it on the internet without your permission.

Doxxing can occur to anyone, but there are steps you can take to protect yourself against this threat.

In this article
What is doxxing?
How to avoid doxxing
How to find out how easy you are to dox
What to do if you’ve been doxxed
Doxxing FAQs
Bottom line

What is doxxing?

Doxxing (also spelled "doxing") occurs when someone publicly shares your personal information on the internet. People can acquire these pieces of information with the following tactics:

  • Searching public records and databases
  • Looking at your social media profiles
  • Hacking accounts
  • Purchasing data like contact information on the dark web
  • Sending a phishing email

Doxxers may target you or even your family members to learn and share your IP address, home address, phone numbers, financial information, Social Security number (SSN), or other details. A doxxing attack is designed to harass, intimidate, or embarrass the victims.

Many people use usernames to cover their real identity for privacy reasons. Doxxing is often a form of online harassment since it works to reveal a person's identity and expose them to further cyberbullying.

What is swatting?

Swatting is a type of doxxing and happens when someone makes a false report to trick law enforcement into going to an innocent person's house. The harassers sometimes make elaborate falsehoods, e.g., a hostage situation or gunfire, to try to send heavily armed Special Weapons and Tactics (SWAT) teams, hence the term "swatting." This type of harassment is a crime since it wastes law enforcement resources and creates an environment of fear.

How does doxxing happen?

We put a lot of things on the internet — social media posts and comments are just a couple of examples. But people are often unaware of data brokers and people search sites. They collect publicly available and personal information on people and then share it on their websites.

Anyone can learn your personal information if they take the time to do the research. If they are tech-savvy, they might even create sophisticated cyberattacks to glean more information from you.

Here are a few ways doxxers can gather personal information:

  • Tracking the same username across multiple social media accounts
  • Running a WHOIS search on a domain name
  • Sending a phishing email to learn the login credentials of your email account
  • Looking through government documents, e.g., voter registration
  • Tracking IP addresses to learn your geographical location
  • Searching for information on data broker sites
  • Intercepting data sent over a public network

Real-life examples of doxxing

Doxxing can happen to anyone from celebrities to your neighbor. Some recent examples of doxxing include:

Is doxxing illegal?

It depends. Sometimes doxxing uses legal methods to learn personal information, but If it was obtained through illegal methods like hacking, then it could be a crime. Doxxing may be considered harassment, stalking, or threatening, which could mean police involvement. It will depend on your local jurisdiction laws.

How to avoid doxxing

Doxxing attacks are stressful, but there are plenty of techniques to minimize the chance of someone exposing your data online.

Be careful what you share online

In the age of social media, people are used to posting about their big life events or what they had for breakfast. If you allow people outside of your network to see your posts, it can open up a higher risk of getting doxxed.

For example, if a security question for one of your accounts is "Where did you go to high school?" and you have posted about where you want to school online publicly, this makes it easier for a hacker to access your account.

Update your privacy settings

Doxxing often utilizes what you have posted on the internet. Take a look at all of your social media profiles, including those you don't use anymore (like that personal blog from eight years ago). Then evaluate what content you share and if it needs to be publicly available.

For example, you may use Twitter for personal branding and interacting with your colleagues. In this case, you may want to keep your profile public and ensure your content is professional. Personal content like the photos of your latest family vacation may be better off on a private Instagram account. Every person's needs will vary, so take the time to consider what you want and then change your privacy settings accordingly.

Use different usernames and passwords

Good password habits include using strong passwords for all accounts. If you consistently use one password, then it opens up the door for a hacker to access all of your accounts. You may want to consider using a password manager to store your passwords safely, so you don't have to worry about remembering them all.

Like passwords, we often use the same username across multiple accounts. Usernames are often publicly shown, making it easier for a doxxer to track you across multiple platforms. You may want to consider using different usernames and avoid using your real name to make it harder to track you.

Use a VPN on public Wi-Fi

A virtual private network (VPN) creates a private internet connection. It's useful for masking your IP address and geographic location. It's especially valuable if you are connected to a public Wi-Fi network. Hackers can easily hijack the connection and view your online activity. A VPN prevents this possibility since it encrypts your online traffic.

Here are a few recommendations for VPNs:

Use an identity theft protection service

An identity theft protection service can monitor databases to see if they contain new or inaccurate information about you. Before investing in a service, you may want to consider checking if your credit card provider, bank, or insurance offers services to protect your identity. They may be able to alert you to suspicious activity. You may also want to request fraud alerts from national credit bureaus like Equifax, Experian, or TransUnion.

Here are some identity theft protection services to consider:

Request removal of your data

Many websites and companies have your data. Take data brokers, for example. They gather information about you and then sell it to companies for marketing purposes. Some of the biggest data broker sites include Epsilon, Oracle, and Acxiom.

People-search sites can also contain your personal information. All you need to do is enter a name, and it will return the person's address, age, possible relatives, and other private data.

Fortunately, you can request the removal of your data. The downside is that it usually takes a lot of time and effort to do so. You'll also need to repeat the process regularly to avoid data brokers from rebuilding a profile on you. Many people decide to enlist the help of companies that specialize in removing your personal information from data broker sites. Here are a few places that offer data scrubbing services:

Use antivirus software

Sometimes doxxers can gather your sensitive information through malware or phishing scams. Using up-to-date antivirus software can help block these types of cyberattacks. Some antivirus programs also include identity theft protection features, such as alerts for when your online accounts have been compromised.

Some of our top recommended antivirus programs that include phishing protection are the following:

Some phishing scams use social engineering to lure you into downloading malware or collect information. If an email, text message, or social media message looks suspicious, don't click on any links or attachments.

How to find out how easy you are to dox

It may be difficult at first to gauge how much you've shared on the internet over the years. Especially when you consider old social media profiles you may no longer use. Here is a step-by-step guide to researching how easy it is to dox you:

  • Start with a Google search. Entering your name and location could reveal a trove of sites containing personal information you don't want on the internet.
  • Do a reverse image search. This can help you find your photos on the internet. On your computer browser, open up images.google.com. Then click "Search by image" (the camera icon) to upload a picture. You could also drag and drop an image into the search bar.
  • Start auditing your social media profiles and personal blogs. Some of these may contain information you don't want to share publicly where the wrong person could use it to exploit you. You'll want to alter your privacy settings to what works for you.
  • Check if your data has been breached. Sites like haveibeenpwned.com let people search recent data breaches and see if any personal information was leaked online. Your VPN provider or password manager may also have these types of services.
  • Review your online resume. Many people have posted their resumes or CVs to their professional websites or on LinkedIn. Take a look at it and ensure information like your phone number or address is excluded.

What to do if you’ve been doxxed

When someone unleashes a doxxing attack on you, it's understandable to feel overwhelmed and hurt. Taking the steps toward reporting the attack and protecting yourself from further damage may help in your recovery process. Here are a few steps to consider taking:

Document the attack

Collecting evidence is crucial for law enforcement and other authorities to take action against the doxxing attack. You'll want to take screenshots of where your personal details were posted. Don't forget to put the date and time in your documentation. Do this as soon as possible before the evidence is removed.

Report the attack

You'll want to take immediate action to report the attack and stop your information from getting spread further. Each website, forum, or platform may have different policies on how to report doxxing attacks. You may want to take a look at the community guidelines to determine how to report the attack and request the removal of your private data.

Contact your local police department

Depending on the circumstances, you may want to contact your local police department. Laws surrounding doxxing aren't always clear, but if you are being stalked, harassed, or threatened, the police may be able to help.

Let your bank know

If your financial information was exposed, you'll want to notify your bank, credit card issuers, and credit bureaus. You may need to cancel and replace your credit cards and monitor your credit to protect against unauthorized transactions.

Change your passwords

You may also want to change your usernames and passwords to fight against the doxxing attack. A password manager can create strong passwords and keep them safe for you. You can take this a step further by enabling two-factor authentication where possible. This means an attacker will need to authenticate an identity twice making it more difficult to hack your account.

Invest in identity theft protection and monitoring

Even if you manage to get your personal information deleted, you probably don't know who saw it and what they intend to do with it. Investing in identity theft protection and monitoring can relax the burden of constantly monitoring your accounts to spot any red flags.

Doxxing FAQs


+

What is doxxing in crypto?

Many high-profile cryptocurrency traders opt to have an anonymous identity to protect themselves from the threat of hackers. However, some people have raised concerns about accountability if you don't know who the individual is. Doxxing in the crypto industry tries to identify these traders.


+

What is doxxing in gaming?

Online gamers frequently use pseudonyms while playing. Doxxing in gaming refers to identifying these players and sharing information like their home addresses. This could lead to community harassment. The threat of doxxing was enough for one gaming player to remove themselves from a competition.


+

Can you dox yourself?

You could dox yourself on the internet to see what public information is available. This can help you see your information from a potential doxxer's perspective so you can take proactive steps to protect yourself. 

A simple start is to search your name on online search engines, review what you have publicly posted on social media, and look at data brokers and people-search sites.


+

Can you get doxxed with a VPN?

VPNs are useful for hiding your IP address and geographic location. Doxxers usually start by identifying your IP address to learn more about your real identity, and VPNs can help block that information. However, there are other ways for someone to dox you. You'll need a multi-layered security approach to minimize the risk of doxxing.

Bottom line

Personal information is easily accessible online. Doxxers can track this data and start building a profile on you over time. They may also use techniques like phishing to gain even more access to your data and accounts. Then they share this information online in a way that is designed to make you feel less safe.

There isn't always a legal repercussion to doxxing, and you may find it worth the effort to guard your online privacy to prevent yourself from becoming a victim. Creating different usernames across profiles, changing the privacy settings to social media accounts, and using a VPN like NordVPN are easy ways to protect your data and privacy.

Customizable Coverage That is Simple to Use
4.9
Editorial Rating
Learn More
On NordVPN's website
VPN
NordVPN
Up to 66% off 2-year plans + 3 months extra
  • Ultra-secure, high-speed VPN complete with malware protection and automatic blocking of intrusive ads and third-party trackers
  • Other benefits include a premium password manager, dark web monitoring, and access to IP-restricted content
  • 3 plans to choose from for custom protection on up to 10 devices
  • Too many confusing plans

Author Details
Sara J. Nguyen is a freelance writer specializing in cybersecurity. She aims to help people protect their data while enjoying technology. She has written about online privacy and tech for over 5 years for several organizations. When she's not writing about the latest cybersecurity trends, you can find her on LinkedIn.