Article Read Time
Doxxing: is the action or process of collecting and disseminating someone’s personal information to shame, embarrass, expose, or intimidate them
A crucial part of maintaining online data privacy is keeping personal information like your home address and SSN off the web. What happens when a cyberattack specifically targets the disclosure and publication of your personally identifiable information (also known as PII)?
It’s called doxxing, and approximately 11 million Americans have been victims of it.
This cybercrime is particularly dangerous because, although it occurs online, it can have serious real-world consequences for unfortunate targets. Doxxing occurs when a malicious actor publicly posts private, personal, or identifying information about an individual without their consent.
The type of information might include:
- Full name
- Home address
- Phone numbers
- Email addresses
- Workplace or employer details
- Social Security numbers and similarly sensitive data
- Private photos or documents
Anyone who sees that information can use it to harass, intimidate, and/or threaten the victim, online or in person. No one wants strangers, creeps, and weirdos to see details about their personal life.
Doxxing High-Profile Individuals
In recent years, corporate executives at major companies have increasingly become targets of doxxing, especially when their decisions spark public or internal controversy. One common scenario involves a company implementing a return-to-office policy after a period of remote work. If a high-ranking executive publicly supports this change, it can trigger backlash from employees or online communities who feel strongly about remote work.
In such a case, the executive’s personal information (including their home address, phone number, and family details) ends up online through platforms like Reddit, 4chan, or social media. The threat actor exposing this information often accompanies the leak with calls to harass the individual or even organize protests near their home. While political figures have traditionally been common targets, more threat actors are now directing these attacks at corporate leaders as well.
When this happens, companies often must increase physical security, issue legal notices, and engage cybersecurity firms to scrub the executive’s data from the internet. The targeted individual may need to step back from public-facing duties due to safety concerns, and the company might launch an internal investigation to assess the breach and prevent future incidents. Updates to executive protection protocols and employee privacy training should follow.
This kind of doxxing is not limited to CEOs. More board members, department heads, and even mid-level managers have also become targets. Even random individuals have been doxxed after petty internet disagreements.
As doxxing becomes more common and more dangerous, it can lead to cyberattacks, reputational damage, and real-world threats to physical safety. Once someone puts your information online, you also never know who else screenshotted or saved it.
The best way to avoid doxxing is to avoid oversharing on social media. That includes your full name, birthday, address, school, or workplace.
Set your profiles to private and review your followers or friends list regularly. Remember that your posts have an audience. If you wouldn’t share it with your distant acquaintance, then they shouldn’t read about it online.
Your pictures might include metadata that exposes when and where the photo was taken. Posting a large number of pictures can reveal to determined threat actors where you live, work, and spend your free time.
Worse still, oversharing online can make your family members, especially minors, vulnerable.
Essentials for staying safe:
- Enable multi-factor authentication (2FA) on all accounts.
- Use unique, strong passwords with a password manager.
- Avoid using your real name or primary email address in public forums, such as gaming platforms and social media.
If you find out that you’ve been doxxed, document everything and report the incident to the platform where your data was published. They should have measures in place to erase the problem. You should also involve law enforcement if physical threats to your safety arise.
Many places have made doxxing illegal, especially if it involves threats, stalking, or the release of any information that leads to harm. These laws vary by country and region, but they often fall within cybercrime or privacy violation statutes.
Doxxing has become a popular form of semi-anonymous retaliation, but you can help protect yourself and your family by taking common-sense precautions before you become a target.
Commonwealth Sentinel can help your organization stay secure by implementing robust password policies, utilizing practical multi-factor authentication tools, and providing comprehensive in-person cyber training for your entire staff. It only takes one skilled cyber criminal to cause damage, so your team must always remain vigilant. To schedule a consultation, click here or contact us at (502) 320-9885.
At Commonwealth Sentinel, we are focused on cyber security so that you can focus on other things.