Doxing and the Threat of Revealing Personal Information

· October 24, 2018

Doxing comes from the word documents. It’s the combination of the abbreviation for documents (dox) and the suffix “ing”.

In this Internet era, very few people don’t have a Facebook account, don’t have an online store, or don’t shop online. Information technology has made life a lot easier. But, with new conveniences, come new problems, dangers, or threats. Unfortunately, there will always be another side of the coin, in spite of how well we manage our accounts. In this case, it’s a dark side that people will use to take advantage of certain situations or information.

What’s doxing?

Doxing mainly consists of creating a complete profile for a specific person or business by collecting personal information. This information may already be available on our online social network profiles, so what’s the big deal?

In fact, that information is freely available, but a profile created with doxing contains much more personal information that isn’t public online. This information is obtained by linking different data that is freely available online. Truth be told, there are many references that belong to us that we may think are private but are actually easily accessible.

Man working on computer.

Doxing is the simple practice of using the Internet to look for a particular person’s details. The danger of this technique is that all it needs is a name, a username, age, telephone number, email, and photos. Basic personal information is the starting point of doxing. In other words, doxing isn’t based on just collecting information that is already public. It consists of obtaining more personal information that isn’t public.

This practice isn’t illegal since it’s basically just gathering information about a person. However, the real crime is how this information is used or the way people obtain it.


  • In the first case, when the crime is the use of the information, the defining characteristic is the intent of hurting the victim. For example, the use of such information to swindle them, steal their identity, or harass or threaten them.
  • In the second case, we can refer to the many tricks that exist in the online world to gather information. For example, the use of downloadable documents that contain malware (a malicious file) to obtain account numbers, medical information, etc.

Some doxing tools

  • Google and other search engines like Yahoo and Bing. These are tools that everyone has at their reach to obtain information easily and quickly. This is information such as pictures, social places they visit, phone numbers, email addresses, and more.
  • Social networks. Facebook and LinkedIn are the most-used social-networks since these are the ones that store the most personal data. The work-related use we give them may put us a risk for these types of online attacks.
  • “Whois” search. This search gives information about the owner of a web domain or an IP address.

What consequences can it have?

The damages that a person may suffer due to doxing can be material and also personal. These may vary depending on many factors, but especially on the attack’s objective.

In personal matters, the most significant harm is the perception of insecurity. The assailant may obtain a home address, showing that this person isn’t safe at home. Likewise, this can escalate to an anxiety crisis. It can also lead to social issues because the information can be used to humiliate, slander, and stalk the victim. In addition, fear is another important consequence.

When it comes to material things, these types of attacks can involve the loss of bank passwords that the assailant uses to gather sensitive information. All of this is related to the possible loss of money, having to start your life over again, etc.

Similarly, the consequences of doxing may affect other people besides the direct victim. Their family members and close friends can be at risk. Think about when someone’s information is exposed. When this happens, the victim’s close circle is also affected. This thereby creates a sort of snowball effect that becomes harder and harder to stop.

Hacker gathering information.

How to prevent it

Once we’re on the Internet, it’s practically impossible to become “anonymous”. The only thing we can do is follow a series of guidelines that make getting that information more exasperating.

The main thing we should do is minimize the amount of information we post on our social networks. Sometimes this is inevitable. Thus, we must reinforce our security.

  • Make certain information private. For example, photos, emails, and telephone numbers on social media. Don’t allow everyone to be able to see this information and, if you can, don’t share it at all.
  • Use strong passwords. Combining numbers and upper and lower case letters may not be foolproof for hackers. Currently, there are some programs that break that type of security barriers. However, stronger passwords may make it harder. Not using the same password for different domains and pages is also a good idea.
  • Avoid tagging your live location on your posts.
  • Use different email addresses for each specific use: work, social networks, personal email, bank accounts, etc.

An example

In Brussels, Belgium, a man who offered to read volunteers’ minds set up a tent. The people who accepted were amazed by the things that the man guessed about them. He knew a lot of things about them, information they hadn’t shared with people in their inner circle.

Hackers use doxing for information.

Once you’re on the Internet, you’re a potential target. This is true even if you don’t have any type of social media profile. Other services you use may store your information online (medical history, account transactions, addresses, online shopping, etc.). It’s inevitable! However, if we’re careful about the things we post online, we may reduce our risks of being a victim of these malicious practices.