Skip to content
Back to Security Center

Doxxing: What It Is and How to Protect Yourself

What Is Doxxing?

Doxxing (sometimes spelled "doxing") is the act of researching and publicly revealing someone's private or personal information without their consent. This can include real names, home addresses, phone numbers, email addresses, workplace details, photographs, and even financial information. The term originates from "dropping docs" in early internet culture, where documents containing personal details were shared to intimidate or punish someone.

Doxxing is frequently used as a weapon in online disputes, a form of revenge, or a tool to silence and intimidate. Regardless of the motivation, having your personal details exposed to strangers can be frightening and dangerous.

How Doxxers Find Your Information

You might assume your personal data is well hidden, but doxxers use a variety of techniques to piece together your identity from publicly available sources:

  • Social media profiles: Even seemingly harmless posts can reveal your location, workplace, school, daily routines, and relationships. Photos may contain metadata with GPS coordinates if location services were enabled.
  • Username correlation: If you use the same username across multiple platforms, a doxxer can link your accounts together and cross-reference the information on each one.
  • Public records: Electoral rolls, company registrations, court records, and property ownership databases are all publicly searchable in many jurisdictions.
  • Data breaches: Leaked databases from previous breaches often contain email addresses, passwords, phone numbers, and physical addresses. You can check if your email has appeared in known breaches at Have I Been Pwned.
  • WHOIS lookups: If you have registered a domain name without privacy protection, your name, address, and phone number may be publicly visible in the WHOIS registry.
  • People-search websites: Aggregator sites compile data from public records, social media, and data brokers, making it trivially easy to look someone up by name or email address.

Preventing Doxxing

While no prevention method is foolproof, the following measures significantly reduce your exposure:

  • Separate your usernames: Use different usernames for different platforms. This makes it much harder to connect your accounts across services.
  • Use a dedicated email for public-facing accounts: Do not use your primary personal or work email for social media signups or forum registrations.
  • Limit personal details on social media: Avoid posting your full date of birth, home address, phone number, or workplace. Even listing your school can narrow down your identity significantly.
  • Review your privacy settings: On every platform you use, check who can see your posts, friend list, and profile details. Set everything to the most restrictive option that still allows you to use the platform as you intend.
  • Opt out of people-search sites: Many aggregator websites allow you to request removal of your data. This can be time-consuming but is worthwhile.
  • Register domains with WHOIS privacy: If you own a domain, enable WHOIS privacy protection through your registrar.
  • Remove metadata from photos: Before uploading images, strip EXIF data that may contain your GPS location, device information, and timestamps.

What to Do If You Have Been Doxxed

If your personal information has been published without your consent, act quickly:

  1. Document everything: Take screenshots of where your information has been posted, including URLs, usernames, and timestamps.
  2. Report to the platform: Most platforms prohibit sharing personal information without consent. File a report requesting removal of the content.
  3. Contact Action Fraud: In the UK, report the incident to Action Fraud if you believe the doxxing constitutes harassment or puts you at risk.
  4. Secure your accounts: Change passwords, enable two-factor authentication, and review the login history on all your accounts.
  5. Alert your bank: If financial details have been exposed, contact your bank immediately to flag potential fraud.
  6. Consider contacting the police: Doxxing that leads to threats, harassment, or stalking may constitute a criminal offence under UK law.

The National Cyber Security Centre (NCSC) provides additional resources on protecting your personal information online and responding to cyber incidents.

Your personal information belongs to you. Taking proactive steps to limit your digital footprint and acting swiftly if your data is exposed can prevent doxxing from causing serious harm.

How to Respond to Online Harassment

Online harassment can escalate quickly. Knowing the right steps to take protects you and strengthens any future reports or legal action.

Read article

How to Document and Report Abuse

Proper documentation makes your report stronger and more actionable. Learn the right way to capture and preserve evidence of online abuse.

Read article

Digital Footprints: What Employers and Universities Look For

Your digital footprint follows you into job interviews and university applications. Knowing what recruiters look for puts you in control.

Read article
Back to Security Center