Being online comes with risks, and one big danger is something called doxxing. Doxxing is the act of gathering and disclosing a person’s private information, such as their address and phone number, without their consent. Curious about what is doxxing and how to stay protected? Discover the ins and outs of doxxing, learn how attackers can find your information, and explore effective methods to keep yourself safe online.
Nearly one in five Russians has found information online about themselves or their loved ones that they didn’t want to be public. Also, 64% of users have tried to hide their information, and that’s a good idea because this data can be a weapon for attackers. Let’s understand why doxxing is risky.
What does Doxxing mean in easy terms
In simple words, doxxing means revealing someone’s personal information online without their permission, usually to make money, threaten, or bully. This can harm your reputation, lead to job loss, and even put your safety at risk.
The information exposed in doxxing includes real names, addresses, phone numbers, emails, documents, photos, and other sensitive details. It’s important to be aware of the potential risks and take steps to stay safe online.
The Story behind Doxxing
The term “doxxing” comes from the word “dox,” which is short for “documents,” and someone who engages in doxxing is known as a doxer. In the early 1990s hacker culture, doxing, or revealing someone’s personal data in a public file, was often a means of seeking revenge. For hackers who value their anonymity, this was a significant blow.
Outside of hacker communities, the first widely known instances appeared on Usenet forums in the late 1990s, where users shared lists of suspected neo-Nazists. Concurrently, a website named the “Nuremberg Files” emerged, containing names and home addresses of doctors performing abortions in the United States.
In the 2010s, doxxing continued to spread, driven by the growth of social media and associated with platforms like Reddit and 4chan. Instances of doxxing became prevalent in political activism and conflicts. The release of personal information about politicians, journalists, and activists has been used for intimidation, blackmail, and to safeguard the interests of certain groups.
How Doxxing Works and How Doxxers Find Information
There are various ways doxxers gather information about a person.
Social Media
Many people share photos, locations, and other details on their social media profiles, making them vulnerable to attackers. Even small details like the view from a window, the address on a package, or a car’s license plate number can become targets for doxxers. In 2022, 30% of Russian respondents reported posting personal information, including phone numbers, home addresses, or workplace details, on social networks.
Darknet
On the dark web, cybercriminals can buy or sell sensitive data like credit card numbers, Social Security numbers, or usernames and passwords.
IP Address
Every device has an IP address indicating its usage and location. Doxxers may use an IP logger, a special code attached to messages or emails, to track a victim’s online activity and determine their geolocation. However, the average person can only determine the provider, country, and possibly the city using IP.
Phishing
Attackers use decoy emails or create fake websites to gain access to users’ personal data. In 2023, the number of blocked phishing links in Russia increased fivefold.
Data Brokers
These entities collect, buy, and sell confidential information obtained through data leaks, hacker attacks, website scraping, social engineering, and other methods. For example, in 2022, a database from the Gemotest network of medical clinics appeared on the darknet, containing patients’ personal data and medical examination results. There was also a major leak at Yandex.Food, exposing information about 58 thousand customer addresses throughout Russia.
Stealers
Malware designed to steal sensitive information from users’ computers or devices. They can intercept passwords, logins, bank card data, and other personal information. In 2023, attackers disguised a stealer as a new version of the Windows 11 operating system, leading to increased sales of such programs on the darknet.
The Risks of Doxxing and Who can be Affected
Doxxing, a tool of cyberbullying, breaks people’s digital privacy and can lead to serious harm. The consequences for the victim are significant:
Disclosure of Personal Data:
- Risk of stalking, blackmail, and other security violations.
Psychological Impact:
- Severe stress, fear, anxiety, and vulnerability due to privacy violation.
- Possibility of revenge porn, causing negative impacts on mental health.
Reputational Damage:
- Deception, condemnation, and personal/professional life problems.
- Potential interference with the victim’s workplace, leading to job loss.
Anyone, from regular users to famous personalities, politicians, journalists, or activists, can be a victim of doxxing if they attract negative attention online.
Consequences Extend to Loved Ones:
- Unwanted attention, threats, insults, blackmail, and deception.
Notable Examples of Doxxing
Gamergate (2014):
Zoe Quinn, a video game developer, faced aggressive online campaigns and threats after her confidential information was made public. The incident sparked discussions on women’s roles in the gaming industry and ethical concerns in gaming journalism.
Ashley Madison Website (2015):
A dating platform for people in relationships was hacked, leaking personal information of over 30 million users. Some attackers sought famous personalities for blackmail. The leaked database led to consequences such as layoffs, divorces, and even suicides.
How to Stay Safe from Doxxing
To safeguard yourself from potential harm, take preventive steps to avoid unpleasant consequences.
Strong Passwords:
- Create unique and strong passwords for each online account.
- Include a mix of upper and lower case letters, numbers, and special characters.
- Avoid using simple, predictable passwords.
Two-Factor Authentication:
- Enable two-factor authentication for added security.
- This requires an additional code or confirmation along with your password.
Social Network Vigilance:
- Be cautious about what you share online, especially personal and contact information.
- Limit access to your profiles to trusted contacts and be wary of accepting friend requests from strangers.
Privacy Settings Check:
- Regularly review and update privacy settings on social networks and online profiles.
- Ensure you have control over what information is visible to others.
Email Correspondence Caution:
- Exercise caution with emails, especially from unknown senders or suspicious content.
- Avoid disclosing personal information or clicking on dubious links.
Software Updates:
- Keep your device’s operating systems, browsers, and antivirus software up to date.
- Updates can fix vulnerabilities that attackers may exploit.
Secure Wi-Fi Connections:
- Avoid connecting to unsecured Wi-Fi networks, especially in public places.
- Unsecured networks may be vulnerable to attacks and data interception.
App Permissions Awareness:
- Pay attention to the permissions requested when installing smartphone applications.
- Evaluate what personal information an app seeks and only grant necessary permissions.
Profile Cleanup:
- Delete outdated and unused profiles on websites where you were previously active.
By following these steps, you can enhance your online security and reduce the risk of falling victim to doxxing.
What to Do If You’re a Victim of Doxxing
If you find yourself a victim of doxxing, take these steps to protect yourself:
Save Evidence:
- Capture screenshots of all posts, messages, or pages related to the doxxing.
Contact Site Administrators or Social Networks:
- Reach out to the administrators of the site or social networks where your information was posted.
- Request the removal of the content and file a rule violation complaint if available.
- Report specific posts on social networks.
Contact the Police:
- Provide evidence, such as screenshots, to the police for investigation.
- Law enforcement can take action against those responsible.
Update Passwords:
- Remove old passwords and change them for all your online accounts.
- Use strong, unique passwords for each account.
- Enable two-factor authentication whenever possible.
Be Cautious Online:
- Exercise caution with online activities.
- Avoid opening suspicious emails, links, or files.
- Stay vigilant, as doxxers may continue online harassment.
- Close accounts if necessary.
Delete Unused Profiles:
- Remove outdated and unused profiles on any websites where you were previously active.
By following these steps, you can take control and mitigate the impact of doxxing on your online presence and personal security.