Doxxing: how to protect yourself from exposing sensitive information?
"Doxxing" refers to the practice of purposely exposing personal information, usually to create embarrassing situations or to put the victim's physical integrity at risk.
Originally, "doxxing" was part of disputes among cybercriminals. Since these individuals depended on anonymity, their adversaries would divulge personal documents like IDs and passports – usually as a form of revenge.
In one way or another, doxxing violates a victim's privacy. Among the information revealed in modern doxxing are personal documents, home addresses, telephone numbers, bank details, intimate photos, criminal records, and more.
Depending on the case, the results of disclosing information like this can lead to people receiving calls, messages, and emails with scam attempts, harassment, and even threats. If bank details are disclosed, people may fall victim to identity theft and suffer financial losses.
Doxxing should not be confused with "data leaks". Data leaks are almost always the result of system invasions to obtain financial benefits, while doxxing has a very personal and vindictive nature.
Where does the data come from?
Though doxxing involves the disclosure of information, data collection is what makes it viable. And data can be collected without any direct attack on the victim. Doxxers use everything and anything they can find, and there is no specific rule. Even so, there are some recurring sources:
-
Data scraping collects information en masse from the web and social networks. The "scraped" data can be organized to list liked and commented posts even when the social network doesn't provide this information. And different profiles with similar names can be linked to correlate activities.
-
Reverse search locates sites and pages on which an image appears. This feature can reveal profiles with similar photos but using different names. In the most sophisticated cases, doxxing can include images from security cameras and other public sources.
-
Anyone can consult public notices, civil and criminal proceedings, and press reports. Authors of "doxxing" use open data to increase the reliability of what they are exposing.
-
In more serious cases, files leaked from company databases can also be part of doxxing.
-
Conversations can become exposed when the doxxer interacts with the victim or has a trusted accomplice (informant). In some cases, accounts and profiles belonging to either the victim or the person they trust can be hijacked.
How to protect yourself
Everything we do on the web, including conversations and interactions on social networks, leaves a "digital footprint" that can be exploited by criminals and other malicious people. People must be aware of this risk when using networks since believing information in different places cannot be linked is a misconception. That's why it's important to avoid leaving profiles set to public and to delete accounts you no longer use.
Additionally, be sure to protect your accounts with strong passwords and multi-factor authentication to prevent intrusions, but also report this type of practice if you notice them on social media and other platforms.
If you’re suddenly bombarded with calls, emails, and messages from strangers or are being threatened, you may need to abandon your exposed phone number or email address.
Finally, know your rights. The legal route is the only viable answer in certain cases of doxxing. If you are the victim of a more serious case, collect as much evidence as possible, documenting proof and taking screenshots to report it to the police.