What is doxing and what to do if you’ve been doxed

Having your private information posted to the internet against your will is a nightmare come to life. Your phone numbers, social networks, personal email address, and even physical address can be leaked in a practice known as doxing.

Doxing is a cyber attack where someone’s private information is publicly posted to the internet without their consent.

Information posted may have been difficult to obtain prior to doxing, and can reveal personally identifiable details of previously anonymous accounts.

In most cases, the intent is to maliciously violate someone’s privacy for perceived justice or revenge. Victims of doxing often experience harassing phone calls to their bosses at work and comments on their social media at the very least.

Friends and family members of doxing victims can end up getting harassed as well if their contact information is leaked.

In extreme cases, doxing victims have had false police reports filed against them, causing authorities to show up investigating fake claims of abuse, hostage situations, or bomb threats.

Although doxing is most common among gamer and hacker communities, anyone can be a victim as it becomes increasingly common.

Your best bet is to prepare for the worst-case scenario.

Eva Galperin, cybersecurity director at the Electronic Frontier Foundation, provided several helpful tips that follow.

First things first: be aware of what you’re intentionally posting. Galperin notes, “What people can really give away about you is the stuff that you’ve already given away about yourself.”

Google yourself to see how much public information is already out there. Remove yourself from people-search lists, and ensure your number is unlisted and on the Do Not Call Registry.

Posting your location on Twitter or enabling location tagging on Instagram can expose your information to bad actors. Carefully consider if you really want to include your location with every social media post (and learn here how to turn it off everywhere).

Pay attention to how many personal details you’re including in online profiles. A study by NYU and University of Illinois professors found Facebook is the most commonly included social media site in doxed files.

This is likely because Facebook contains more sensitive information regarding the user’s relationship to others. On your account, you can note parents, siblings, and other degrees of connection, providing more insight to those prying (pro tip – here’s how to see what the public has access to on your Facebook account).

Get familiar with the Terms of Service of any websites you’re using, especially the privacy sections. Make sure you learn how to file a takedown in the event your information does get posted.

Another exciting part of doxing is the possibility of compromised login credentials, allowing hackers to post as you. Decrease the likelihood of that dumpster fire by using strong, unique passwords for every account. Use a password manager to keep track.

Whenever possible, you should opt for two-factor authentication. Add another layer of security by using an authentication app instead of text messages for push notifications.

Since mobile accounts can be infiltrated, someone could theoretically hack your cell’s SIM card to receive text messages meant for you.

You can call your cell company and enable password protection for your SIM card so no one can make to the account changes without providing a PIN.

While this may seem like a lot of tinfoil hat preparation, the reality is that our digital information is vulnerable.

Even if you’re not a prominent public figure or higher up at your company, your private information could be compromised.

It’s better to have an emergency plan set in place so you’re not overwhelmed if you do happen to get doxed.

Fortunately, doxing is against the Terms of Service for most websites. Reporting doxing usually leads to account suspension for the offending user, or removal of the posts.

Lock down your info now so you’re not an easy target.