Doxing Attacks: From Hacker Tool to Societal Problem

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

The malicious attack known as doxing has gone far beyond hacker tool, with the threat now extending to most digital platforms and making nearly anyone a target.

Today, doxing continues to be an intimidating prospect for digital users and is a mainstream data security problem. Online users can have a great deal of anonymity, but the growth of digital platforms makes obtaining information more accessible than ever. With any public-facing or dormant digital presence, threat actors can weaponize personal information to humiliate the victim, extort them, or conduct further malware attacks.

This article looks at doxing, how it works, types, best defensive practices, and what to know about the mainstream digital attack.

Jump to:

What is Doxing?

Doxing – abbreviated from “dropping documents” – is a form of Open Source Intelligence (OSINT) where an actor publicly shares online information or data about a specific individual or group of individuals. Doxing often reveals identifying information about an adversary and is almost always a malicious attack to hurt the victim.

A Brief History of Doxing

Doxing is a term that first originated alongside the boom of the internet and black hat culture. Within the hacking community, doxing is an intimidation tactic to unmask the otherwise anonymous details of another user. With user interactions expanding to entire communities and remote connections, doxing is easier than ever and present across today’s social media platforms.

Read more: Becoming a Cybercriminal Keeps Getting Easier

What Documents Are Getting Dropped?

  • Personal Details: home address, phone number, workplace, criminal history
  • Financial Information: social security number, banking, credit report, digital wallet
  • Other Personal: private communications, personal data, embarrassing details

How Does Doxing Work?

Finding Documents

The list of tactics, techniques, and procedures (TTP) used by threat actors to gain another user’s data is extensive. Common searches include scanning public records, phone records, social media, and WHOIS domain information. Meanwhile, more advanced threat actors will utilize IP addresses, packet sniffing, and dark web data brokers to obtain personal details. Another widely used tactic for information gathering is phishing or the engagement and manipulation of another user’s trust.

Publishing Documents

Upon obtaining the documents in question, threat actors can dispose of the information as they please. Hackers can publish their findings under an anonymous account on a popular social media platform or another public-facing channel. In either circumstance, the hacker makes the personal details more accessible to other users by collecting and sharing the information.

Also read: Top Threat Intelligence Platforms

Types of Doxing Attacks

DeanonymizingRevealing personal identifiable information of an anonymous individual
TargetingPrivate or obfuscated personal information revealing circumstances
DelegitimizingThe disclosure of intimate details to damage an individual’s credibility

More niche examples of doxing include:

  • Breach Doxing: the unintentional dropping of documents via a data breach or leak.
  • Revenge Doxing: targeting individuals as a form of revenge.
  • Swatting: targeting individuals via emergency tip to public authorities.
  • Criminal Doxing: targeting individuals with harmful intent.
  • Faulty Doxing: targeting of an unintended individual.
  • Corporate Doxing: targeting a specific business and personnel.
  • Celebrity Doxing: targeting a celebrity’s personal information.
  • Intellectual Property Doxing: targeting a company’s proprietary data.

Defending Against Doxing

Keeping a low profile online can be difficult in an era where a brand is everything. Personal details about users – whether inadvertently available on social media or through a data breach on a long inactive account – are everywhere, giving persistent threat actors plenty to utilize.

  • Practice cybersecurity hygiene, including strong passwords and MFA
  • Scrub data from data broker sites or obsolete profiles and accounts
  • Differentiate usernames and passwords between accounts
  • Separate email accounts for distinct purposes
  • Evaluate privacy settings and public info for social accounts
  • Hide domain registration and protect IP with VPN
  • Tread lightly with app permissions and minimize disclosure of personal information
  • Avoid malicious interactions and stay vigilant with trust online
Read more: Corporate doxing is on the rise: Here’s how hackers are doing it and how to stop them | TechRepublic

Proposal for Action: Dox Yourself

Don’t believe you have anything to hide? Industry analysts offer a simple challenge: check how easy it is to dox yourself. Data owners can evaluate their current risk posture regarding a doxing attack and take steps for remediation.

Evaluate Doxing Risks

From Google to Twitter and LinkedIn, searching for a first and last name can reveal a lot about an individual or company.

The pedestrian user may not know or care about their privacy settings. Still, threat actors are well aware of publicly visible information on social media, personal websites, and other digital platforms. Individuals and organizations with a longstanding digital presence have even more content for threat actors to parse through in search of a humiliating tweet or picture.

In addition to popular websites, users must also consider data breaches and existing digital accounts. Disasters and attacks for web service providers can result in emails, passwords, and more being published and exposing account user information.

Users can check if their email or phone was compromised in a data breach on Have I Been Pwned? Hopefully, no pwnage is found!

Remediate and Continually Audit

Though personal details like a mobile phone number, email accounts, or home address on an online CV may seem harmless, this information is vulnerable to misuse. Creating phone and email accounts specific to public-facing purposes is a popular preventative measure.

Across digital platforms and accounts, users should ensure all settings meet their privacy and cybersecurity expectations. In evaluating doxing risks, users with compromised credentials must act with haste to change any other accounts carrying the same username and password. In the same vein, users should consider deleting dormant accounts to avoid additional exposure.

If the user isn’t going off the grid entirely, preventing doxing or other attacks against one’s privacy means proactive monitoring. Users should conduct regular audits of publicly available data about themselves. Keeping up with current events is also an invaluable part of securing data as a user can act quickly to remediate the potential exposure.

Also read: Top Vulnerability Management Tools

The Unintended Victims of Doxing

Never mind the real threat doxing can bring to the intended individuals – a disturbing number of instances show the original documents published to be inaccurate and the recipient of post-doxing reactions misidentified. These examples often lead to digital or in-person harassment and reputational damage of individuals unbeknownst to any identifiable reason for the attack.

Notable Doxing Attacks

WhenAttack Details
August 2017After the “Unite the Right” rally in Charlottesville, Virginia, online users misidentified an attending protester as University of Arkansas assistant professor Kyle Quinn. Quinn was met with a barrage of harassment before online users learned it was not the same individual.
August 2014Known as “Gamergate,” several notable women in the video game industry were targeted in an online harassment campaign and doxing. Noted as a backlash to increasing feminism in gaming, victims received extensive attacks at the time and for years after.
August 2014Known as “The Fappening,” a threat actor published 500 private pictures of celebrities to 4chan before their broader circulation. Apple stated the threat actor executed spear-phishing attacks to access the vendor’s cloud services suite, iCloud. In 2018, George Garofano pleaded guilty to the attack.
March 2013Multiple celebrities and political figures, including Kim Kardashian, Ashton Kutcher, Jay-Z, Joe Biden, and Hillary Clinton, were the victims of doxing their financial details. In 2015, Mir Islam pleaded guilty to the attack. The US DOJ detailed the string of attacks in 2013 against dozens of victims.
Read more: Best Identity and Access Management (IAM) Solutions

Get the Free Cybersecurity Newsletter

Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Sam Ingalls Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.




Top Cybersecurity Companies

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis