Introduction

A massive part of maintaining online data privacy is keeping your personal information, like your home address and SSN, off the web. So what happens when a cyberattack specifically aims to uncover and publish your personally identifiable information (better known as PII)?

It’s called doxxing, and approximately 11M Americans have been victims of it. Sound scary? Let’s dive into more about this threat and how to handle it.

What Is Doxxing?

This cybercrime is particularly dangerous because, although it occurs online, it can have serious real-world consequences for the unfortunate targets. Doxxing occurs when a bad actor publicly posts private, personal, or identifying information about an individual without their consent.

The type of information might include:

• Full name

• Home address

• Phone numbers

• Email addresses

• Workplace or employer details

• Social Security numbers and similarly sensitive data

• Private photos or documents

Anyone who sees that information can use it to harass, intimidate, and/or threaten the victim…online or in person. Do you want your biggest enemy to see details about your personal life? Probably not!

Doxxing High-Profile Individuals

In recent years, corporate executives at major companies have increasingly become targets of doxxing, especially when their decisions spark public or internal controversy. One common scenario involves a company implementing a return-to-office policy after a period of remote work. If a high-ranking executive publicly supports this change, it can trigger backlash from employees or online communities who feel strongly about remote work.

In such a case, the executive’s personal information (including their home address, phone number, and family details) ends up online through platforms like Reddit, 4chan, or social media. The threat actor exposing this information often accompanies the leak with calls to harass the individual or even organize protests near their home. While political figures have made common targets in the past, more and more threat actors direct these attacks at corporate leaders as well.

When this happens, companies often have to increase physical security, issue legal notices, and engage cybersecurity firms to scrub the executive’s data from the internet. The targeted individual may need to step back from public-facing duties due to safety concerns, and the company might launch an internal investigation to assess the breach and prevent future incidents. Updates to executive protection protocols and employee privacy training often follow.

This kind of doxxing is not limited to CEOs. More board members, department heads, and even mid-level managers have become targets too. Even random individuals have been doxxed after petty internet disagreements!

Staying Safe

As doxxing becomes more common and more dangerous, it can lead to cyberattacks, reputational damage, and real-world threats to physical safety. Once someone puts your information online, you also never know who else screenshotted or saved it.

The best way to avoid doxxing? Avoid oversharing on social media. That includes your full name, birthday, address, school, or workplace. Set your profiles to private and review your followers or friends list regularly. Remember that your posts have an audience. If you wouldn’t share it with your distant acquaintance, then they shouldn’t read about it online.

Did you know that your pictures might include metadata that exposes when and where the photo was taken? Posting a lot of pictures can tell determined threat actors where you hang out, go out and work.

Some tricks for staying safe:

• Enable multi-factor authentication (2FA) on all accounts.

• Use unique, strong passwords with a password manager.

• Avoid using your real name or primary email for public forums, like your gaming platforms and social medias

If you find out that you’ve been doxxed, document everything and report the incident to the platform where your data was published. They should have measures in place to address the problem. You might also involve law enforcement if physical threats to your safety arise.

Conclusion

Many places have made doxxing illegal, especially if it involves threats, stalking, or the release of any information that leads to harm. Of course, these laws vary by country and region, but they often fall within cybercrime or privacy violation statutes.

Avoid publishing private information online, and report it immediately if someone else puts your PII online. Doxxing has become a popular form of semi-anonymous retaliation, and we all need to be aware of the dangers of posting too much online.