Doxxing is the publication of personal identifying information (home address, phone, employer, family members, photos) without the target’s consent, typically to enable harassment by third parties. The portmanteau is from “documents” via “dropping dox.” The attack relies on aggregating publicly-available data (social media, public records, data brokers, leaked breach corpora) into a profile published to mobilize a harassment campaign.
What it means in practice
The doxxing pipeline is consistent across cases. Reconnaissance: the attacker harvests public-source data (LinkedIn, Twitter, Facebook, Instagram, Strava, dating profiles, professional bios), data-broker output (Spokeo, Whitepages, BeenVerified), and breach corpora (HIBP, leaked data sold on cybercrime forums). Aggregation: the attacker combines fragments into a profile that an individual fragment would not produce (the home address from a property record plus the family graph from Whitepages plus the daily routine from Strava). Publication: the profile is posted to platforms where the attacker’s audience will mobilize against the target (Twitter/X, 4chan, Telegram, dedicated harassment forums). Harassment: the audience executes coordinated campaigns including SWAT calls, employer complaints, family contact, and on-site action. The structural defense is to reduce the upstream public footprint that feeds the reconnaissance.
Who is targeted, and by whom
Targets cluster in specific patterns. Journalists writing on controversial topics (recent waves: abortion-rights coverage, Israel-Palestine coverage, election-administration coverage in 2020-24). Domestic-violence survivors whose abuser identifies them in a new location. Public-facing employees of organizations the harassment audience opposes (judges in high-profile cases, prosecutors, school-board members, election officials). Activists and advocates on contested issues. Visible women and minorities in fields where harassment audiences concentrate (gaming, tech, online discourse). Operators range from individual harassers using publicly-available reconnaissance to coordinated campaigns running on dedicated platforms with shared targeting infrastructure.
What you can change today
Three structural defenses. First, reduce the upstream footprint: data-broker removal (DeleteMe or manual opt-outs at Spokeo, Whitepages, BeenVerified, Intelius), social-media audit (what does a stranger learn about your home, family, schedule from your posts and tagged photos), public-records suppression where state law allows (vehicle registration to PO box, voter-registration confidentiality programs in some states for protected categories). Second, harden the reachable surface: phone number not publicly listed, email aliases per service, social-media direct-message restrictions enabled. Third, build the incident response: who you call when a doxxing campaign starts (lawyer, employer security, platform escalation contacts, local law enforcement non-emergency line for SWAT-call protection); the response that works is the one rehearsed before the event.
