Have you come across a random web post revealing a celebrity’s phone number or address?
That’s doxxing—and it does not just happen to celebrities. With over 5.16 billion internet users worldwide, everyone is at risk.
Doxxing is one of the most common types of online harassment. In 2022, over 43 million Americans have experienced doxxing at least once.
Keep reading to learn more about doxxing, what to do if you’ve been doxxed, and how to protect yourself from it.
Understanding What Doxxing Is
📖 Definition Doxxing means publishing someone’s personal information online without any consent. This is usually done with the intent to cause harm. The term “doxxing” came from “docs” (short for documents). It also stands for the slang: “dropping dox.” |
Doxxing started in the 1990s as a revenge tactic by hackers. Their goal was to break the anonymity of the target for harassment or other purposes.
Nowadays, doxxing is typical in culture wars when attacking an opposing point. Most victims are famous people or celebrities. However, commoners can also suffer from doxxing attacks.
To better grasp what doxxing is, find out more about how doxxing works in the next section.
The Doxxing Process
Doxxing starts with the collection of data. The attacker gathers small amounts of data about people scattered on the Internet.
These data can be:
After that, the doxxer assembles the pieces of information to reveal the person behind them to the Internet.
Now that most people use the web for almost everything, personal information is also accessible online. This makes it easy for doxxers to collect any information about their target.
Continue reading to know what methods doxxers use to gather your information.
Common Doxxing Methods
Most people think they remain private while browsing, but that’s not true.
The Internet was never meant to put users’ privacy first. It shows you what you need to see, buy, or know—based on your digital footprint.
This means anyone can dox anyone as long as they track or gather enough personal data on the web. Doxxers do that with the following methods:
1. Username Tracking
The username is one of the typical methods of doxxing since most people tend to use the same username across different platforms.
With the same username, doxxers can understand the target’s interest on the web and track their online activity.
2. Domain Name Tracking
If the target owns a domain name, gathering data through a WHOIS search on the domain is simple.
Since the target registers the domain, any doxxer who knows his way around domains can do a WHOIS search.
In most cases, domain owners don’t change or hide their personal information when purchasing—making their data accessible to the attacker.
3. Phishing Scams
Over 300,000 phishing incidents were reported in 2021. A target who does not use a secure email account can fall victim to this method.
With this scam, the doxxer goes through the email addresses of victims. They reveal and post sensitive emails online.
📝 Note Phishing does not only happen through emails. This scam type branched out to text messages and is now known as “smishing” — or SMS phishing. In 2021 alone, it was reported that victims lost over $10 million due to spam texts. |
4. Social Media Stalking
Around 60% of the world’s population uses social media. Anyone can stalk and gather sensitive data if their social media accounts are public.
Other than your name, doxxers can use your photos to locate your accounts. They can also use your phone number or email address.
These attackers can identify your job, hobbies, address, and more by simply going through your photos, captions, and profiles.
5. Government Record Gathering
Almost 50% of American adults think that the government tracks their web activities. This is alarming, considering that your government records end up online sometimes.
For instance, doxxers can get ahold of anyone’s business and marriage licenses.
They can also see your DMV, country records, or voter registration.
While all these records may not mean much, they contain at least one or more pieces of personal data.
6. IP Address Tracking
An IP address is one of the most sensitive personal data since it links to a user’s physical location.
If a doxxer knows their way around IP address tracking, they can locate you and uncover more data.
✅ Pro tip It is best to use proxy servers or VPNs to conceal your IP. However, if you’re looking for cheaper options, you can change your IP manually using a Windows device. |
7. Mobile Phone Searching
There are many effective phone lookup services on the web. They can help you effortlessly find someone with a phone number.
However, a phone number is another personal data attackers can use to dox. They use the effectiveness of reverse phone lookup tools against their victims.
By simply entering your phone number, the tool will show doxxers whose number it is. Doxxers can see your name, track your location, and more.
8. Packet Sniffing
According to statistics, one hack incident happens every 39 seconds. Packet sniffing is one of them.
Packet sniffing happens when doxxers connect to an online network and crack the security. Once they’re in, they capture any data flowing in.
Doxxers can intercept everything that you send and receive online. This allows them to access passwords, cards, accounts, and even old messages.
Is Doxxing Illegal?
No, doxxing in itself is not illegal. It is “legal” if the exposed data is accessible in public and the doxxer acquires it through a legal process.
Nonetheless, the act may violate some laws against stalking, threats, or harassment. Check out what those laws are below.
US Laws on Doxxing
The US has two federal laws that can make doxxing illegal. These are:
1. Interstate Communications Statute
The 18 US Code Chapter 14 law has been in effect since 1934. This law states that it is a federal crime to use any means to ask for unlawful sexual activity.
It also includes any demand, ransom, or reward for releasing any kidnapped person.
Doxxing falls under this law if the doxxer aims to blackmail or exploit any sensitive data for a prize.
Any person convicted under 18 USC Chapter 14 can face up to twenty years of imprisonment. |
2. Interstate Stalking Statute
Established and legitimized in 1996, the Interstate Anti-Stalking Punishment and Prevention Act addresses stalking and harassment.
These two acts are typical situations that happen once a victim is doxxed.
Anyone found guilty can face up to five years of imprisonment and/or a fine of up to $250,000. |
Other than these two laws, the state of California also addresses doxxing with a regulation of its own.
3. Penal Code § 653.2 PC
California considers doxxing illegal according to Penal Code Section 653.2. Under this law, doxxing can be a crime if it causes any form of online harassment.
This offense is punishable by up to a year of imprisonment and a fine of up to $1000. |
Doxxing Regulations In Other Countries
Since doxxing is a recent tactic, there is a demand for more specific laws against it. Apart from the US, Australia and Hong Kong passed anti-doxxing laws.
For instance, Australia has the Commonwealth Criminal Code. Its Section 474.17 is against doxxing being used as a carriage service to menace, harass, or offend. Anyone convicted of this law can face two to three years in prison.
In 2021, Hong Kong passed a law against doxxing, considering it a criminal offense. Anyone guilty of this crime can face five years of imprisonment and a fine of 1 million HKD.
Popular Doxxing Cases Worldwide
Doxxing is a cybercrime that happens everywhere. Some cases became famous because of the victim, the doxxer, or the attack itself.
Here are some doxxing cases that occurred around the world:
1. Celebrity and Politician Doxxing in 2013
Twelve high-profile politicians and celebrities became victims of a doxxing attack in 2013. Some victims were Beyonce, Ashton Kutcher, Hillary Clinton, and Joe Biden.
This doxxing attack came from Russian hackers, who published the victims’ financial information. Victims say their credit cards, SSNs, loans, and more were exposed.
2. Faulty Doxxing in 2013
One of the darkest doxxing attacks ever recorded in history was Sunil Tripathi’s case.
In 2013, some vigilantes on Reddit doxxed the Brown University student Sunil Tripathi. He was already reported missing for weeks prior to the Boston Marathon bombing.
On April 18, the FBI released photos of the suspects in the bombing incident. A Redditor suddenly brought up Tripathi’s resemblance to the released images.
This allegation blew up, and news outlets began covering the story. Tripathi’s loved ones took it to social media and expressed he was not responsible for the incident.
The actual suspects were caught. However, days later, someone found Tripathi’s body in the water in Rhode Island.
While the authorities said it was suicide, doxxing played a significant role. The public shaming Tripathi experienced was all caused by false accusations.
3. Revenge Doxxing in 2015
Former Major League Baseball player, Curt Schilling, doxxed a group of people in 2015. This doxxing attack was considered revenge after they posted harsh things on Twitter about his daughter.
On February 25, 2015, Schilling posted a tweet congratulating his daughter as she was going to play softball for Salve Regina University.
Congrats to Gabby Schilling who will pitch for the Salve Regina Seahawks next year!!
— Curt Schilling (@gehrig38) February 25, 2015
Some people went overboard and gave vulgar remarks, which triggered Schilling to initiate a dox attack.
Schilling investigated the real faces and posted their real identities online. One of the bullies got fired, and another got suspended from school.
The rest of the bullies got scared and posted apology messages.
Effects of Doxxing
The severity of doxxing attacks varies. Some can be petty, like signing up for mailing lists or charging for delivery.
However, there are dangerous doxxing attacks. Some involve harassment, swatting, identity theft, and other forms of cyberattack.
Doxxing can cause its victims to suffer emotional and physical damage. Here are some of the common effects of doxxing:
- Online and offline harassment
Harassment is a typical effect of doxxing. In general, 90% of reported dox victims say they were harassed.
Doxxers expose sensitive data about their victims. If the data contains any record of wrongdoing, the attack can lead to harassment—online and offline.
📝 Note Victims of online harassment are 1.9 times more likely to commit suicide. If you or anyone you know has been doxxed and harassed, call the authorities or the hotline for Online Harassment and Abuse at 1-800-799-7233. |
- Public shaming
When doxxing exposes any shameful information about the victim, it can lead to public shaming.
For instance, the doxxing case of Ashley Madison affected millions of users. The hackers asked for demands, but the dating site did not comply.
As a result, the group released sensitive user data. It doxxed 37 million users, causing humiliation, embarrassment, and reputational damage.
- Loss of job
Doxxing, which involves exposing sensitive data like a criminal case, can lead to job loss. Even if the record is not grave, it still affects the victim’s career and job opportunities.
- Identity theft
Doxxers expose all sorts of personal details. Any user who will see the dox post (or even the doxxer himself) with your information can use the leaked data to commit identity theft.
They can use your personal information to scam others, take loans, claim insurance, and more.
📝 Note Identity theft is one of today’s fastest-growing crimes. According to statistics, an American becomes a victim of ID theft every two seconds. In 2022 alone, the Federal Trade Commission recorded over 1.1 million reports on this crime. |
What to Do if You’ve Been Doxxed?
Being a victim of doxxing can make anyone panic. That’s a natural reaction, considering how scary seeing your personal information plastered on the web would be.
However, the goal of doxing attacks is to violate your security, deliberately causing you to panic or freak out. If you ever get into this situation, here’s what you must do:
1. Report the incident to the platform.
The first thing to do is reach out to the platform where the attacker posted your information. See the terms of service or any guidelines on this matter.
If you reach out to the platform, request that they delete the post. They can also restrict the attacker from doing more.
2. Contact law enforcement.
It’s best to involve and contact your local law enforcement if there are personal threats. They will focus on any information directed at you, your address, or other sensitive data.
3. Record the doxxing.
If threats are sent to you, keep evidence like screenshots and records for the report.
Since it’s online, include the date, timestamp, and URL in your screenshots or recordings. Those will serve as evidence for the authorities.
👍 HelpfulArticles Taking a screenshot can be vary depending on the device that your using. Check out the following TechJury articles to learn how: |
4. Contact your bank.
Contact your bank immediately if the attack involves bank details, like card numbers.
The bank can block any transaction related to your card or account. Banks can also help you set up new passwords for your accounts and cards.
5. Lock all your accounts.
You’ll also need to secure all your accounts if a dox attack happens. This will limit the doxxer’s access to your account and information.
Protecting Yourself from Doxxing
Anyone who browses, posts, or has an account online can get doxxed.
With this in mind, below are some steps to protect yourself from doxxing:
- Protect your IP address.
Since an IP address is sensitive data, always protect it. You can mask your IP address using a VPN or proxy IP.
These anonymity tools hide your real IP by letting you browse with another.
VPNs and proxies also come with other benefits, but their main goal is to keep you incognito and secure your browsing.
- Have good cybersecurity.
Cybersecurity statistics say that online criminals have compromised the personal data of around 50% of Americans.
Having good cybersecurity lets you prevent doxxers from stealing personal information. This involves using an anti-virus. These tools can detect up to 350,000 viruses daily.
You can also install tools that protect you from various kinds of malware. It’s also best to keep software updated for better security.
- Create a strong password.
Doxxers can hack all your accounts if you use the same password for all of them. For this reason, create a unique and strong password for each online account.
Combine numbers, symbols, and letters. Regularly changing passwords is also a good practice to avoid hacking or doxxing.
✅ Pro tip If you have several accounts, try using a password manager tool. There are free password managers that offer unlimited storage and connections, like Passwarden. |
- Use several usernames.
Using only one username across all platforms can make you vulnerable to doxxing. With different usernames, your identity will be more difficult to uncover.
It will also give doxxers a hard time tracking your online activity and movement.
- Use different email accounts.
It can be easy for doxxers to search for an email address. Having one email account makes doxxing even easier.
The best thing to do is to create several online accounts for various purposes.
For example, you can have three email accounts—one for professional, one for personal, and one for spam. Here’s how you should use each one:
- Use your personal email for your relatives and close friends’ correspondence.
- Your professional email should be for work only. Any documents, meetings, and work-related emails are routed to this email.
- Your spam email should be for account signups, services, and mailing subscriptions.
✅ Pro tip Since you’ll post your spam email often, make sure it does not contain or reveal any personal data about you. |
- Stay private on social media.
Manage and review your social media posts and profiles. Ensure you put out only minimal information about your life in public.
You should also only share your details with people you know. Avoid turning your profile public and accepting requests from unknown people.
- Set up multi-factor authentication.
Multi-factor authentication lets you access your account with two or more ID types. It can be your password or a code from your phone.
Hackers will need tools and more help to access your device and account with MFA.
- Get rid of your old accounts.
Check the web for all your accounts and delete the ones you don’t use anymore.
If you have decades-old accounts, the information on them remains accessible. That is why it is best to delete or deactivate them.
- Remove data from brokers.
Data brokers can have sensitive information about you, but you can remove it on your own or through some services. This process can take time, but it can also be expensive when you pay for a service.
If you need help figuring out where to start, head to the Oracle Netsuite or Epsilon databases.
✅ Pro tip You can use tools like OneRep or DeleteMe to remove personal information automatically from hundreds of data brokers. |
- Avoid online quizzes that ask for permission.
An online quiz or app asking for permission can be a source of anyone’s sensitive data.
Also, mobile apps usually ask for permission. Be cautious if the app wants to access your contacts, location, and social media.
Conclusion
Doxxing is a severe issue, and it became so because of how easily data can be accessed online.
There are few laws against it, making it trickier to face. Also, the physical and emotional damage it can do to victims is off the charts.
The best way to solve or prevent it is to secure our personal information. You can also avoid doxxing by not joining any arguments with others online.
FAQs
How do streamers not get doxxed?
Streamers avoid getting doxxed by enhancing their online security. They use a VPN since it masks their IP addresses. Most of the time, they also use MFA for their accounts.
Is doxxing a form of cyberbullying?
Yes. Doxxing is one of the many forms of cyberbullying. It invades the victim’s privacy by gathering and posting sensitive data online. It became a way to harass, threaten, or blackmail anyone.
Timeline Of The Article
With a master's degree in telecommunications and over 15 years of working experience in telecommunications, networking, and online security, he deeply understands cybersecurity's value and importance. Max leverages his vast experience and knowledge to research the latest cyber threats, scams, malware, and viruses in-depth.