Sam Boyd
Fact-checked by Eric Goldstein
Doxxing (or doxing) is when someone maliciously leaks your personal information on the internet. Generally, attackers dox people by piecing together information from across a victim’s online accounts. They then publish this information to incite harassment.
A doxxer can publish all kinds of personal information, including your name, age, date of birth, and home address. Additionally, it’s common for a doxxer to post criminal records, embarrassing online posts, and the names of family members.
Practicing good digital hygiene is the first step to prevent yourself from getting doxxed. Additionally, cybersecurity services like Norton can help in several ways. It can stop you from accidentally giving out your personal information to phishing sites, show you whether you’ve already been doxxed on the dark web, help you get data brokers to stop selling your sensitive details, and more. I’ll cover all this as well as other tools to use and practices to adopt if you want to stay safe.
How Does Doxxing Happen?
Doxxing involves gathering and spreading information about an individual to harm the victim through humiliation, harassment, or physical harm. In most cases, this involves posting someone’s contact details alongside information that is either embarrassing or could be a source of ire to a specific audience or the general public.
Here’s a roadmap of how an attacker can piece together different bits of information to dox you:
- Social media. Your social media is probably littered with breadcrumbs, such as the last concert you attended, your favorite bar, and more. These could tell an attacker where you live or help them narrow down your address information. There have been many instances where even an interior shot of a person’s home was enough for internet sleuths to identify their address, often using public real-estate photos.
- WHOIS domain search. This is relevant if you own a website. Most website registrars publish your complete information — billing address, email, phone number, etc. — in the WHOIS lookup database.
- Phishing attacks. Hackers can set up fake quizzes, giveaways, contests, or other shady pretexts to con you into giving up personal information. For instance, you might give your exact address if a contest promises you’ve won a MacBook and it’s pending delivery.
- Government records. Some attackers with access to government records can quickly uncover much information about you. They might only need your name or license plate number to start. Much information of this nature is publicly available to anyone.
- IP addresses. IP addresses are hit or miss. While they usually can’t identify your exact location, they can give someone a rough idea of where you are. Keep in mind that the operators of every website you visit can see your IP address. Using a VPN is the best method to stay anonymous because it hides your real IP address when you connect to one of its servers.
- Packet sniffing. This is a common occurrence on unencrypted and public Wi-Fi networks that allows hostile actors to see what information you transmit over the internet. In other words, if you’re caught up in a packet sniffer’s operation, the attacker could gather all kinds of information about you.
- Data brokers. Data brokers scrape and collect as much individual data as possible to sell to the highest bidder. Some sell this data to legitimate advertisers, while others profit even more by selling it on the dark web to potential doxxers. If someone is going after you, they could get your information by paying a data broker.
- Data breaches. Legitimate platforms that collect user data can be breached by skilled hackers. The attackers can then sell or freely publish this information on the dark web.
- Personal grudges. Finally, some are doxxed by people they know in real life. In this case, the doxxer already knows the target’s personal information and simply posts it online to hurt the victim.
In short, there are tons of ways to be doxxed. Bad actors can use any number of these methods (or even just one) to gather information about the people they want to dox.
What Information Is Leaked in a Doxxing Attack?
In short: anything. Doxxing covers a wide umbrella. Being ‘doxxed’ could mean someone posts a link to a public record containing your personal information. Or it could involve a comprehensive post outlining your medical history, sharing your full name, home address, and financial records, and every post you’ve ever made on web forums.
Here are some types of information that often come out in a doxxing attack:
- Personal information. At the most basic level, doxxing is tying a person’s pseudonymous online identities to their actual name. In some cases, family members are targeted, too.
- Contact information. Includes your email address, phone number, and home address.
- Work information. For example, work address, company name, boss/supervisor’s email, etc.
- Online history. Account names, past posts, and so forth.
- Criminal history. This could include arrest records or court cases.
- Medical information. Doxxers may reveal sensitive information you’ve shared with others or even post confidential records obtained illegally.
- Private correspondence. If a doxxer wants to hurt you, they may try to access and leak your DMs.
The Dangers of Doxxing
Being doxxed can have far-reaching consequences. The specific circumstances of why a person is doxxed and the type of information involved have a big impact on the possible results. In any case, here are some of the hidden dangers of doxxing attacks:
- Physical harm. You may be harmed physically if your address (home or workplace) leaks. For instance, someone can call the police on you — a practice referred to as swatting. There have been multiple instances where a swatting incident has led to a death. A man in Tennessee died of a heart attack after police surrounded his home with weapons drawn after someone reported a fake murder at his house.
- Mental health impact. Having your information leaked (especially if it’s embarrassing or sensitive) can be traumatic. If the doxxing is accompanied by online harassment, the risks of mental health harm are even higher.
- Identity theft. If enough information is leaked, the doxxers are practically inviting online trolls to steal your identity. This can lead to serious financial and even legal harm if your information is used to take on loans and commit fraud.
- Employability and professional advancement. If the dox contains damaging or scandalous personal information, it could seriously impact your ability to find work.
- Social relationships. Your relationships (present and future) could also be affected as people judge you based on what they’ve seen online. Doxxers often share embarrassing details with friends and family they identify through their research.
Understanding Doxxing Laws: Is It Always Illegal?
This is not legal advice. Please consult a lawyer with knowledge of your local laws for relevant information.
The legality of doxxing is a grey area. Simply sharing information online is usually not a crime. However, doxxing can be a crime in some jurisdictions when the intent behind the leak is malicious or accompanied by harassment.
In the US, doxxing is generally legal, with some caveats. The act of doxxing (posting someone’s personal information or posting about how you connected an online account to a real identity) is legal. It’s also legal for someone to share something you have publicly posted. If the posts are followed by threats and harassment, those subsequent acts could be illegal. Even then, it would generally be the harassers who are liable for prosecution, not the original poster of the dox.
Alternatively, if the dox was acquired by hacking rather than just sleuthing, there’s a good chance the doxxing party has broken the law. However, if your personal information or details of your past are simply shared with a wider audience, there’s not much you can do.
How to Prevent Doxxing
Nobody intentionally sets themselves up for doxxing. However, some lifestyles and internet habits may make you an easy target. Here’s how to reduce your chances of becoming a victim.
Use an Antivirus
Antiviruses like Norton do more than just keep your devices free of malware. They can also help you avoid doxxing via a suite of privacy-focused features, such as:
- Dark web monitoring. Scours dark web sites and forums for personal data such as your email, physical address, mother’s maiden name, driver’s licence number, and other sensitive information. That way, you can quickly react to leaks before they get too damaging.
- Phishing protection. Services like Norton 360 Deluxe block fake websites designed to steal critical information from you. This information could have been sold to data brokers or used in a direct doxxing attack against you.
- Data broker removal services. Removes your information from popular and niche people-search sites and data brokers. Otherwise, these data points could be aggregated to form your complete profile, making it easier to get doxxed.
- Malware protection. There have been incidents where individual users were targeted with spyware by those trying to dox them. A good antivirus will stop 100% of malware.
Use Strong Passwords
Your online accounts likely contain tons of sensitive information that is unavailable to the public. For instance, a hacker accessing your social media account can find your real name, address, email address, phone number, private messages, and so much more. That’s why you need to secure your accounts with a strong password.
The best passwords are ones that are virtually impossible to remember. This obviously presents a conundrum. The solution is to use a reliable password manager like 1Password to generate, securely store, and even autofill your passwords on trusted devices. I also recommend enabling two-factor authentication (2FA) on your accounts for an extra layer of security — I like how 1Password will point to any accounts that can benefit from 2FA.
Use a VPN
A VPN changes your IP address, throwing off anyone trying to use your IP address to home in on your location. This is especially important if you trade crypto on a peer-to-peer platform, play online games, or are active in online communities in ways that you’d rather not be publicized.
Even so, you shouldn’t use just any VPN. Some VPNs leak your data, including your IP address. I recommend only using VPNs with excellent built-in leak protection, like ExpressVPN. This will keep your IP address (and thus your rough real-world location) and internet usage private from any would-be snoopers.
Compartmentalize Your Internet Usage
Account compartmentalization vastly reduces the risk of someone tying your various accounts together and linking them to your real name. One key practice is to use unique usernames across your various accounts. For example, your Xbox gamertag shouldn’t be the same as your YouTube or Reddit usernames. Particularly for sensitive sites, don’t use usernames even remotely similar to those you use on public ones. There have been many cases where doxxers have tied an identity on one website to another account with a similar name.
Furthermore, consider using separate emails to register different accounts. This is a good idea because it’s possible, through no fault of your own, that a breach could make it public which email address is tied to your username on a given site. This can allow would-be doxxers to connect your various accounts and potentially find your real identity. For example, a breach on a pornography site could seriously impact you if you signed up using your main email.
You probably don’t need to do this for every account. It’s best for a controversial website or if you post sensitive information under an account. Services like email aliasing (offered as an add-on with 1Password) make doing this much more convenient.
In any case, never use a professional email (or even one that so much as hints at your real name) on an account where you share information that you don’t want to go public. Don’t use your main email to create throwaway forum accounts. McAfee’s Online Account Cleanup tool is great at identifying accounts tied to an email, pointing you to potential doxxing risks.
Avoid Third-Party Logins
Many online services now allow you to securely log in or create an account via Apple, Google, or other existing accounts. This is very convenient. You’ve probably created dozens of accounts via this method.
However, a breach of the primary login account (say, your Gmail account) gives the hacker access to your information on other connected accounts. I recommend avoiding third-party logins, at least for sites you don’t want tied to your real identity. You can get a similar level of convenience by using a trustworthy password manager. I also recommend going into your Google and Facebook settings and viewing all connected accounts. If you see anything that you aren’t comfortable being linked to your real identity, sever the connection.
Stay Private on Social Media
Set your social media accounts to private, ensuring only family and friends can see the content you post online. This will minimize the chances of someone outside your circle leaking sensitive information you mistakenly posted. Some tools can make this easier. For example, McAfee has a tool that makes it easy to optimize your privacy settings on all of your social media accounts in a matter of clicks, while
Of course, not everyone wants to or can do this. Whether you’re a social media personality or just like sharing your life online, there are some steps you can take to avoid having truly sensitive details of your life leaked. Here’s what I recommend:
- Watch what you post. Do not post anything that could identify where you live, even your neighborhood. You’d be surprised at how people can get your address — objects reflected in sunglasses have resulted in sleuths finding out posters’ addresses.
- Be careful what you say. When on a live stream or engaging with your followers online, never get so carried away that you give away bits of personal information that you aren’t comfortable sharing. Even if a piece of information seems minor, a close follower could use dozens of such points delivered over the years to learn everything about you.
- Be careful of random interactions. Not everyone interacting with you online is who they claim to be. Always be on your guard so you aren’t tricked into giving away sensitive information. Even if you know the person behind the account, consider whether they may have been hacked if they start asking intrusive questions.
- Fudge small details. You don’t have to outright lie, but it can be a good idea to bend the truth a little bit when it comes to sharing your personal information. For example, you could say you’re a year older than you actually are, give your pet a fake name, or say you live in a different neighborhood. This can throw off someone trying to dig too deep.
Remove Your Data From Brokers
If you’ve ever entered your phone number, email address, or any other personal information in an online form, there’s a good chance that a data broker has that information. To minimize the risks of being doxxed, it’s best to get your information out of data brokers’ hands. That way, they can’t sell or leak it.
The bad news is that chasing down data brokers and effectively removing your data is challenging. You might not even know where to start. The good news is that you can use trusted data broker removal tools to smooth things along. Norton offers something that does this for US customers, as does Surfshark through its relationship with Incogni.
Other Relevant Tips
You can add these to the list of tips to keep yourself safe from doxxing:
- Check if you’re already doxxed. Search your name on Google and do a reverse image search for profile pictures you use widely. See whether you can remove any of the results by logging into an account and deleting sensitive information. For example, if you have a public CV posted online, take it down if it shares too much information.
- Delete old/unused profiles. You don’t know what key or personally identifying information, no matter how small, those profiles might contain. Again, McAfee’s Online Account Cleanup tool helped me do this.
- Avoid shady online quizzes. Some fun quizzes may be designed to steal and sell your data to brokers. They can come as matchmaking quizzes, future prediction quizzes, etc.
- Remove file metadata. Don’t upload files, such as photos, to social media with the metadata intact. Otherwise, anyone looking to dox can use that information to identify your location and other details.
- Set up Google alerts. Create Google alerts for your name(s) to know if anyone posts anything about you online. This will enable you to take the proper steps promptly.
- Be careful on live streams. This is especially true for gamers and anyone else who shares their computer’s screen with viewers. Always remember not to share screens that may reveal personally identifying information. To avoid embarrassing slip-ups, use a dedicated browser for streaming, one that you absolutely never touch except while streaming.
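The "Remove file metadata" tip above, as an added example that is not part of the original article: a standard-library Python function that walks a JPEG's segments and drops the ones that usually carry location and device details (Exif/XMP, IPTC, comments) before you upload. The function names and the sample bytes are assumptions constructed for the demonstration.

```python
import struct

# JPEG marker bytes (the byte that follows 0xFF).
APP1, APP13, COM, SOS, EOI = 0xE1, 0xED, 0xFE, 0xDA, 0xD9
DROP = {APP1, APP13, COM}               # Exif/XMP, IPTC/Photoshop, free-text comments
NO_LENGTH = {0x01, *range(0xD0, 0xD8)}  # TEM and RSTn markers carry no length field


def _describe(marker, payload):
    """Name a dropped segment so the caller can see what was removed."""
    if marker == APP1:
        if payload.startswith(b"Exif\x00\x00"):
            return "Exif"
        if payload.startswith(b"http://ns.adobe.com/xap/1.0/"):
            return "XMP"
        return "APP1"
    return "IPTC/Photoshop" if marker == APP13 else "comment"


def strip_jpeg_metadata(data):
    """Return (cleaned_bytes, removed); removed names each dropped segment."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    out, removed, pos = bytearray(data[:2]), [], 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        if data[pos + 1] == 0xFF:        # fill byte in front of a marker
            pos += 1
            continue
        marker = data[pos + 1]
        if marker in (SOS, EOI):         # image data starts: copy the rest untouched
            out += data[pos:]
            return bytes(out), removed
        if marker in NO_LENGTH:
            out += data[pos:pos + 2]
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length           # the length field counts its own 2 bytes
        if length < 2 or end > len(data):
            raise ValueError("malformed or truncated segment")
        if marker in DROP:
            removed.append(_describe(marker, data[pos + 4:end]))
        else:
            out += data[pos:end]
        pos = end
    raise ValueError("no image data (SOS marker) found")


def _seg(marker, payload):
    """Build one length-prefixed JPEG segment (used only for the sample)."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: structurally a JPEG, not a decodable picture.
SAMPLE = (
    b"\xff\xd8"
    + _seg(0xE0, b"JFIF\x00\x01\x02\x00\x00\x01\x00\x01\x00\x00")
    + _seg(APP1, b"Exif\x00\x00<constructed GPS and camera tags>")
    + _seg(COM, b"shot at home")
    + b"\xff\xda\x00\x02\x12\x34\xff\xd9"
)

if __name__ == "__main__":
    cleaned, removed = strip_jpeg_metadata(SAMPLE)
    print(f"removed {removed}; {len(SAMPLE)} -> {len(cleaned)} bytes")
```

Dropping the Exif segment also drops the orientation tag, so some viewers may show the cleaned photo rotated. PNG, HEIC and video files store metadata differently and need their own handling.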
Editors’ Note: ExpressVPN and this site are in the same ownership group.
How to Know if You’ve Been Doxxed
Depending on how and why you were doxxed, the signs could be plain as day or incredibly subtle. On the one hand, you may only find out if you actively research yourself on the internet. Alternatively, you may receive messages straight up telling you that you’ve been doxxed.
You may also receive strange home deliveries if your home address gets leaked. These can range from food delivery services to threatening or potentially embarrassing items.
What to Do if You’re Doxxed?
Here’s what to do to take back control of the situation:
- Consider your safety. If your address gets leaked, you may understandably worry for your safety. That said, your address may already be public, so someone simply pointing this out may not represent real dangers. Ultimately, you need to do what makes you feel safest.
- Document everything. Take screenshots of malicious messages that share your personal information. If you receive calls, record them if local laws allow. You can use these to get harassers banned on the websites they use and, potentially, to aid a future legal case.
- Report the doxxers. Most major websites have policies against doxxing and harassment. If you see your private information being shared or are receiving harassing messages, report the person to whatever website they’re using.
- Look into contacting law enforcement. If you are actively being harassed and threatened, contact law enforcement.
- Take legal steps. Consult a lawyer to get an idea of what you can do legally. They’ll help you find the best way to get justice and prevent escalation. Chances are, they’ll be able to quickly know whether you have a case or not.
- Change your contact information. If you’re actively being harassed, you can change your email and phone number.
- Secure online accounts. If you have reason to believe that you were doxxed via hacking rather than internet sleuthing or a personal grudge, you’ll want to lock down your accounts. Change your passwords for your email, social media accounts, and anything else you think might be compromised. In a particularly bad scenario, consider outright deleting accounts where you’re being harassed.
- Get support. Stay with family and friends, and seek professional help if needed.
How to Report a Doxxing Incident
The right way to report a doxxing incident depends on the platform. Most social media platforms and online communities ban doxxing and have streamlined methods for reporting rulebreakers.
To give you an idea, here’s how to report someone on X:
1. Locate the post(s) where your personal information was revealed.
2. Click the menu option on the post(s).
3. Find and click the report feature. This could be named “Report post,” “Report,” or something similar.
4. Pick the appropriate reporting type. If you don’t see doxxing as an option, say that it’s privacy related.
5. Follow the rest of the on-platform prompts to complete the report.
Frequently Asked Questions
What is doxxing and how can I safeguard against it?
Doxxing is when a person’s personal information is posted on the internet with the intent to harm them. It’s a broad term that can cover all kinds of results, from merely annoying to highly dangerous. In any case, there are many practices you can adopt to reduce the risk of being doxxed. Software like VPNs, which can hide your IP address, and antiviruses with identity and privacy protections can help, but the most important thing is to be careful about what you post online.
Can a VPN protect you from doxxing?
Yes, a VPN can eliminate one method by which people are doxxed. By using a VPN, you’ll make it impossible for someone to figure out roughly where you live by looking at your real IP address. When you connect to a VPN server, it masks your real IP address. This is important because a sneaky site admin or knowledgeable actor can easily figure out your IP address. If they do, they can see your approximate location. That said, there are tons of ways to get doxxed and a VPN won’t protect you from all of them.
Can I take legal action if I’ve been doxxed?
You may be able to take legal action if you’ve been doxxed, depending on the circumstances and your location. It’s best to contact a licensed lawyer in your region to understand your legal options and act fast. But in most cases, you shouldn’t be optimistic. You’re more likely to have success reporting people to the websites they use than the authorities.
What should I do in the first 24 hours after being doxxed?
Within 24 hours after being doxxed, you should secure your accounts, change your leaked details, notify the online platform where your personal information was revealed, and report to local law enforcement.
If your home address was leaked, consider staying with family and friends for a while to keep yourself safe from any physical attacks. Finally, start exploring legal options to deal with the attack.
How can I remove my personal information from data broker sites?
The best way is to use a data broker remover service. Many antiviruses and other cybersecurity products offer bundles that include these services. You can also try to contact the data brokers remotely, but you’ll first have to figure out exactly which data brokers are selling your information. Then, you’ll have to make the requests yourself.