Doxxing
What is Doxxing?
DoxxingPublishing or threatening to publish a person's private identifying information online with the intent to harass, intimidate, or facilitate harm.
Doxxing (also spelled doxing) is the deliberate exposure of someone's real-world identity, home address, workplace, phone number, family members, or other private details by aggregating data from breaches, social media, public records, and OSINT. Attackers use doxxing for harassment campaigns, extortion, stalking, or as a precursor to swatting or physical threats. The technique fuels many real-world security incidents and can cause severe psychological, professional, and physical consequences. Defences include strict privacy hygiene (data minimisation, separate aliases for sensitive accounts), opt-outs from data brokers, locked-down social profiles, MFA on email and phone, rapid takedown procedures with platforms, and engagement with law enforcement when threats escalate.
● Examples
- 01
Compiling a target's home address, employer, and family members from breached data and posting them on a forum.
- 02
Threatening to publish a person's private medical history unless they pay a ransom.
● Frequently asked questions
What is Doxxing?
Publishing or threatening to publish a person's private identifying information online with the intent to harass, intimidate, or facilitate harm. It belongs to the Attacks & Threats category of cybersecurity.
What does Doxxing mean?
Publishing or threatening to publish a person's private identifying information online with the intent to harass, intimidate, or facilitate harm.
How does Doxxing work?
Doxxing (also spelled doxing) is the deliberate exposure of someone's real-world identity, home address, workplace, phone number, family members, or other private details by aggregating data from breaches, social media, public records, and OSINT. Attackers use doxxing for harassment campaigns, extortion, stalking, or as a precursor to swatting or physical threats. The technique fuels many real-world security incidents and can cause severe psychological, professional, and physical consequences. Defences include strict privacy hygiene (data minimisation, separate aliases for sensitive accounts), opt-outs from data brokers, locked-down social profiles, MFA on email and phone, rapid takedown procedures with platforms, and engagement with law enforcement when threats escalate.
How do you defend against Doxxing?
Defences for Doxxing typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Doxxing?
Common alternative names include: Doxing, Document dropping.
● Related terms
- attacks№ 1065
Social Engineering
The psychological manipulation of people into performing actions or disclosing confidential information that benefits an attacker.
- attacks№ 1118
Swatting
A criminal hoax in which a false emergency report is filed to provoke an armed police response, typically a SWAT team, against an unsuspecting victim's address.
- attacks№ 1021
Sextortion
Extortion based on the threat to publish or share intimate images, real or fabricated, unless the victim pays money or complies with further demands.
- attacks№ 511
Identity Theft
The misuse of another person's personal information to impersonate them, open accounts, obtain credit, claim benefits, or commit other fraud.
- attacks№ 275
Data Breach
A confirmed security incident in which an unauthorised party accesses, exfiltrates, or discloses sensitive, protected, or confidential information.
- privacy№ 818
Personally Identifiable Information (PII)
Any data that can identify a specific individual on its own or when combined with other information, such as names, identifiers, or biometric records.