What is doxxing? How to protect yourself online

Doxxing is the act of gathering and maliciously publishing private information to harass, intimidate, or endanger some­one. As our lives become more digital, we leave behind a trail of personal data. While often harmless, this information can be weaponised by malicious individuals to put your safety at risk.

For example, you might encounter doxxing after a heated argument in an online forum or a heated debate on social media. In those moments, the fear that someone could uncover your real identity and publish your sensitive personal details is not unfounded.

What is doxxing?

Doxxing (sometimes spelled doxing) is the act of researching and broad­casting an individual’s private or personally identifiable information (PII) online without their consent. The term originates from “dropping docs,” a slang term used by early internet hackers. The goal is almost always malicious: to intimidate, harass, shame or extort the target.

Doxxing involves three key elements:

• Gathering and publishing information: Doxxers collect private details from various sources, including public records, social media profiles, data breaches, and even by hacking or social engineering.

• Malicious intent: The primary purpose is not just to share information, but to cause harm. This can range from public shaming and professional damage to inciting physical violence.

• Lack of consent: The information is shared without the victim’s knowledge or permission, leading to a profound violation of their privacy and sense of security.

When someone has been targeted in this way, they are said to have been doxxed.

How does doxxing work?

There is a vast ocean of personal information online. Doxxers can easily connect small, seemingly insignificant digital bread­crumbs scattered across the internet to build a detailed profile of their target. Some of the most common methods to dox people include:

Stalking social media: Many users unknowingly share sensitive information on public social media profiles. Details like their location in social media posts, work­place, friends’ names, and even their date of birth can be valuable pieces of the puzzle.

Tracking usernames: People often use the same user­name across multiple platforms. This allows a doxxer to build a comprehensive picture of a person’s interests, opinions, and online habits.

Using data brokers: These are companies that legally collect personal information from public records, purchase histories, and other sources, then sell it to advertisers and other businesses. For a small fee, a doxxer can often buy a detailed report on an individual.

Phishing: Doxxers may send malicious emails that trick a target into revealing login credentials or other sensitive information, giving them access to private accounts. Never click on suspicious phishing links or provide personal information in response to suspicious or unexpected emails or messages.

Searching public databases: Government records and web­sites can be a gold­mine of information, including marriage licenses, property records, business licenses, and voter registration logs.

Domain registration information: When someone registers a web­site domain, their name, address, and phone number are stored in a public WHOIS data­base, unless they choose to hide their domain registration information.

Consequences of doxxing

For the victim, doxxing can have serious and lasting effects. At its worst, it can lead to harassment, stalking, or even physical danger if home addresses or phone numbers are exposed. Victims may face financial fraud or identity theft when personal data is misused. Even without direct attacks, the fear of being watched or contacted by strangers can cause anxiety, stress, and lasting harm to a person’s sense of safety.

The risks can be even greater for people from minority groups. Members of the LGBTQ+ community may face targeted harassment or outing against their will. Journalists or activists working on sensitive topics can be exposed to coordinated online abuse or threats.

Ethnic and religious minorities may become targets of hate crimes, while women are disproportionately subjected to gender-based harassment. For these groups, doxxing isn’t just an invasion of privacy — it can escalate into a serious threat to personal safety and well-being.

How to prevent doxxing

By understanding the threat and taking proactive steps to safe­guard your data, you can significantly reduce your risk of becoming a victim of doxxing and navigate the digital world with greater confidence and security. Here are some easy tips on how to prevent doxxing:

Secure your accounts: Use strong, unique pass­words for every account and enable two-factor authentication (2FA) wherever possible. A pass­word manager can help you manage this securely.

Audit your social media privacy: Regularly review the privacy settings on all your social media accounts. Limit who can see your posts, friends list, and personal details. Avoid posting photos that reveal your home, work­place, or children’s school.

Create separate email accounts and user­names: Avoid using the same user­name across different plat­forms. Create separate email accounts for professional and personal sign-ups to protect your digital life.

Protect your IP address with a VPN: A VPN (virtual private network) encrypts your internet connection and masks your IP address, which is linked to your physical location. If you use public Wi‑Fi, make sure to turn off the public network sharing functionality.

Clean up your data and enable Google Alerts: You can request that Google remove search results containing your personal information. Google Alerts can also be used to monitor if your private data appears online.

What should I do if I’ve been doxxed?

Discovering you’ve been doxxed can be frightening. Act calmly and follow these steps:

1. Document everything. Take screen­shots of every instance where your information has been posted. Make sure to capture the URL, the content, and the user­name for evidence. 

2. Report to the platform. Report the doxxing content to the web­site or social media plat­form where it was posted. Sharing private information without consent violates the terms of service of nearly all major plat­forms.

3. Seek legal advice. If you receive threats of harm or if your sensitive information for financial accounts has been shared, contact your local police and involve law enforcement immediately.

4. Lock down your accounts. Immediately change the pass­words on all your important accounts, such as email and social media, and ensure 2FA is enabled.

5. Protect financial accounts. If your credit card or bank account details are exposed, contact your financial institution immediately to cancel cards and secure your accounts.

6. Seek support. Doxxing is an emotionally draining experience. Don’t go through it alone — reach out to trusted friends or family for support.

Is doxxing illegal?

The legality of doxxing is complex. Simply sharing information that is already in the public domain may not be illegal in itself. How­ever, doxxing almost always crosses the line into criminal activity. Doxxing can, for example, lead to legal consequences if it involves harassment, cyber crime, or malicious intent.

Examples of doxxing

Doxxing is a threat that can affect anyone, regardless of their public profile or online activity. Here are two examples of famous instances of doxxing that serve as reminders of its potential impact:

Tesla: In March 2025, an online map revealed personal details, such as names, addresses, and phone numbers, of Tesla owners and dealer­ships, leading to encouragement for vandalism and an attack on a Tesla service center. This doxxing aimed to create back­lash against Elon Musk.

Ashley Madison: In 2015, a hacker group stole and published sensitive user data from the Ashley Madison dating site, doxxing millions of people. This occurred after the site’s management failed to meet the hackers’ demands, despite having assured users their information was securely protected.