What Is Doxxing, Is Doxxing Illegal, How To Avoid It?

Written by Aaron R. Winston
Last Updated: March 11, 2024 4:50pm CDT

We are living and existing more online than ever before. Our lives have shifted online over the past several years.

According to the CIA’s The World Factbook, about 8 out of 10 people have internet access, which equates to almost 4.9 billion people having the door to countless possibilities open for them.

That total is 4,840,687,31 people, to be exact.

Whether you want to make friends or withdraw money from your bank, it can be done online. It allows for life-changing opportunities, both the opportunities to do good and cause harm.

The internet continues to see both ends of the spectrum. We can use it to connect with our geographically distant loved ones via social media or engage in criminal activities such as fraud, phishing, or cyberbullying. 

For this FAQ article, we will focus on a more recent phenomenon called doxxing, as it has become mainstream. 

A recent doxxing incident involving a viral Tik Tok video has brought the issue of doxxing to the forefront.

It all began with a published Tik Tok video showing what appears as two women mocking a social media influencer, Jackie La Bonita, for taking a selfie of herself at a baseball game. 

The two women shown in the recorded video footage, who have been dubbed “mean girls” by the influencer’s fans on the internet, have been receiving a wave of hatred, including people searching for their names, social media profiles, and places of work and exposing that info online.

We’re now at a stage where many of us have a permanent address online, just like in real life. This puts more people at risk of being doxxed than ever before.

In addition to this article discussing what doxxing is, we provide info such as:

• The etymological origin of doxxing
• Types of doxxing
• Examples of how people can be doxxed
• What you can do to lessen the chance of you being doxxed
• The legal and criminal implications of doxxing

What Is Doxxing? [Video]

The concept of doxxing involves the malicious online act where a person or persons expose someone’s personal information or identity through the internet. Doxxing is often done by people publishing sensitive and personally identifiable info on community forums, such as Reddit, a social news and discussion website.

People carry out doxxing for many reasons. However, people often doxx someone to accomplish one of the following: 

Reasons People Doxx Someone

• To threaten or blackmail an individual
• As an act of revenge or anger
• To embarrass or bring shame to an individual
• For personal publicity
• As an act of collective bullying
• To encourage others to leave bad reviews of a business

Although the information often posted online by people who doxx can include a myriad of details about someone, there are common themes among what type of info is doxxed, including names, contact details, addresses, and social media accounts, to name just a few.

Doxxing can compromise the privacy of the victim and can put them in a vulnerable and unsafe position. 

Over the last several years, doxxing has become an accompaniment to online trolls (internet bullies), internet detectives, comment wars, and escalated debates, wherein one or more involved parties resort to leaking information to prove a point, assert dominance, and subdue the opposite party. 

Why Is It Called Doxxing?

The etymological origin of doxxing is the combination of “dox,” which is hacker shorthand for documents (docs), and the word “dropping.” It’s a self-describing hybrid of dropping dox (documents) and information online about a person.

What Are Some Examples of Doxxing?

According to the American Library Association, doxxing can come in many forms. These include: Revealing the victim’s personal information: Name, contact details, home address, place of work or study, social security number, credit reports, and mortgage details. 

In addition to the above, doxxed information can include the following:

Types of Doxxed Information

• Private photos 
• The identity of family members and their details
• Addresses, such as someone’s private residence
• Contact details, such as phone numbers and email addresses
• Social media profiles
• Workplace
• Employment info and job titles
• College and school info
• Institutions the individual is associated with or is a member
• Someone’s religion or faith 
• Medical conditions
• PPP loans (Paycheck Protection Program)
• Info that helps to identify and disambiguate (distinguish between similarly named people or things) someone.

Common Examples of Intent

• Harass or pressure an employer or institution: People often seek to pressure and harass employers and colleges to take action against the doxxing victim, such as to have them fired or expelled from college.
• Encourage groups of people to harass the individual via the leaked data.
• Extort the doxxing victim.
• Revenge-intent: One of the most common types and intent of doxxing is revenge. With spiteful intent, when someone leaks information, we can say it’s revenge doxxing. 
• Against Public Figures: Although this may seem like Page 3 gossip or an ‘oops’ moment by a celebrity or politician, it goes beyond that. Many well-known figures have been victims of doxxing, where highly sensitive information such as credit card and payment information, social security number, etc., have been leaked online.

Doxxing Based On Mistaken Identity

Although doxxing is wrong in general, there are times when it is also factually incorrect. 

Doxx Wrong Person Who Has The Same Name

For instance, someone out of anger attempts to doxx person ‘A’ by looking up and pulling their data. However, person ‘A’ has a common first and last name.

So in the perpetrator’s haste to dox, they mistakenly locate person ‘B’ and expose their info instead. When this mistake is made, it can cause a wave of harm to an unrelated person who the doxxers are not trying to expose.

The mistaken-identity doxxing victim is caught in the eye of the storm even though they have no relationship to the event or incident. When this occurs, it is all but guaranteed to lead to severe emotional distress.

However, it can also harm the doxxed person’s reputation and, in extreme cases, result in loss of life. There have been many cases of faulty doxxing in recent years.

Historical Examples of Doxxing

Over the last decade, there have been several high-profile and newsworthy doxxing incidents have occurred. Not all were seen in a negative light.

• Boston Marathon Bombing: After the FBI released photos of the two people suspected of being the bombers responsible for the Boston Marathon bombing and requested the public’s assistance in identifying them, online sleuths and amateur detectives took to the internet and began doxxing people to solve the crime.
  Out of the thousands of tips called into the FBI in Boston, not one of them was correct, so a significant outcome of the 2013 FBI press conference where they showed the two suspects calling one white hat and the other black hat to request the public’s help was a significant amount of doxxing took place.
• Curt Schilling doxxed Twitter trolls: Retired Major League Baseball player Curt Schilling utilized doxxing in 2015 to identify the Twitter users who tweeted sexually explicit tweets and comments about his then 17-year-old daughter.
  At least two of the Twitter trolls who participated in and made vulgar comments on the obscene tweets about Curt Schilling’s daughter were punished, including one person getting fired by the New York Yankees. This example of Curt Schilling doxxing online trolls on behalf of his daughter demonstrates how doxxing is not inherently a crime.

How Does Doxxing Happen?

Just like cyberattacks, doxxing can happen in many different ways. Although doxxing someone generally leads to the same outcome of identifying and spreading someone’s info on the internet, people use many ways and methods to doxx, with some being more skill-based and technical than others.

How To Doxx Someone

Some of the most common ways you can get doxxed by someone include the following list:

• Social media doxxing
• Doxxing PPP loans
• IP address doxxing
• FINRA BrokerCheck
• Swatting
• Phishing
• Sniffing
• Data broker companies

Social Media Doxxing

Social Media Doxxing: One of the mainstream ways people get doxxed is social media doxxing. This type of doxxing has become increasingly popular as there are many avenues for people to get into anonymous yet heated debates online, with one primary place being Reddit.

Online cyber bullies, known as Internet trolls, use info from the doxxed person’s social media profile and activity to build a picture of who the person they are bully is.

Social media platforms like Facebook can provide a trail of breadcrumbs that make it easy for people to get doxxed. This can get exponentially worse when hackers use methods to hack into accounts for unfettered social media profile account info, which would otherwise be unavailable to the public.

Expert Tip About Preventing Social Media Doxxing: It-Consultant Kristoffer Thun, who brings more than 10 years of IT industry experience, shared with us the following info that everyone can benefit from when it comes to social media and doxxing:

Maintaining safety while navigating the digital space is an intriguing topic. To protect oneself from doxxing, I believe in practicing “informational minimalism.”
Before posting personal details or photos that reveal your location, it is crucial to think twice. This strategy may seem simple, but it is a powerful way to maintain a low profile and safeguard your privacy.

Doxxing PPP Loan Info

PPP loans (Paycheck Protection Program): Beginning in April 2020, the government started the Paycheck Protection Program under the Cares Act. The program provided loans to small businesses and nonprofits to incentivize companies not to fire their employees due to the sudden economic hardship resulting from Covid-19.

The goal was to keep employees on the payroll. One thing that made PPP loans so enticing was that they could be forgiven, which meant they did not need to be repaid if certain conditions were met.

Soon after PPP began, people began doxxing the PPP info, which was publicly available, to point out what industries borrowed the most PPP loans and how some were industries that are associated with higher salaries than most.

The concept was that they were wealthy and did not need to borrow PPP loans to maintain their current payroll and avoid layoffs.

One industry that received a lot of speculation was lawyers’ offices (law firms), as the federal data shows that several law firms each received $10,000,000.00 in PPP loans. The SBA database provides this financial information and identifies the lenders that loaned the money to each company.

Doxxed With an IP Address

IP Address Doxxing: In the case of IP address doxxing case, the doxxer locates someone’s IP address and uses that information as a clue to reveal details of your physical location.

The attackers can use various social engineering and manipulative techniques to call up and deceive your internet service provider(ISP) into giving them more information about you, like common customer data.

Typically this can be done by spoofing your phone number, which makes it look like your phone number is calling up customer support for technical assistance, which is not the case.

Doxxing FINRA BrokerCheck Reports

FINRA (Financial Industry Regulatory Authority, Inc.) BrokerCheck Doxxing: When it comes to researching financial advisors, people can use what is known as BrokerCheck.

The platform is similar to a state bar’s lawyer listing in that it allows you to search for a professional’s profile and access detailed reports to determine if they are in good standing and are qualified to serve clients. In the case of financial advisors, that means managing their client’s money and handling their investments.

Just like a state bar is responsible for ensuring proper practices are kept and is supposed to look out for and protect clients from lawyers acting in bad faith, so is the case with FINRA and the broker-dealers it regulates. Broker-dealers directly oversee financial advisors on behalf of FINRA).

The info and documents provided by brokercheck.finra.org are immense. The most valuable document people can access and, in theory, use to doxx a financial is the detailed report, which can be downloaded as a PDF. The personal info that can be found by accessing a detailed BrokerCheck report includes the following:

• The broker’s full legal name
• State registrations
• Securities exams passed
• Professional designations
• Employment history
• Volunteer activities

FINRA intentionally makes this info available to protect consumers and companies. That said, the info provided in a broker’s detailed report can be doxxed and used as clues to assist “online slueths” in finding additional info that can be doxxed.

What is Doxxing and Swatting?

Swatting: Swatting is a dangerous criminal harassment tactic that involves notifying first responders and police about a ‘crime’ that has or is currently taking place at the doxxed victim’s residence.

The crime that is falsely reported to the police dispatcher is typically violent and dangerous, as the people who are doing the swatting need to convince the authorities to call in a swat team to “swat someone.” Swatting can place the doxxed victim in a very dangerous situation and is a prosecutable crime in the United States.

Phishing Hacking Used for Doxxing

Phishing: Although phishing is often done with the malicious intent of identity theft, it also is used in doxxing attacks where unsuspecting people unknowingly provide login info, which can be used to gain further information about the targeted doxxed victims. 

Sniffer Hacking

Sniffing: Refers to the process where a hacker intercepts the data sent on the internet between parties. The hackers sift through the doxxed victim’s internet traffic for vulnerabilities, and any personal information can be collected and then ultimately exposed through doxxing.  

Data Broker Companies

Data Aggregators or Brokers: Some entities, such as data brokers, can access and sell public records of individuals. Doxxers can purchase these from these data aggregators and use them to help them identify more info to dox the victim. 

Expert Tip About Data Brokers: Personal Cybersecurity Expert James Wilson, the founder of My Data Removal, shared his valuable advice with us on how to avoid being doxxed based on his extensive experience advising clients about how to protect their personal data from data brokers and people search websites. James informed us of the following:

People should opt out of invasive data broker sites whenever possible and consider deleting or limiting their social media accounts (who can see them.)
Also, to prevent being doxxed, you can make your online presence more anonymous by using pseudonyms (not your real name) for profiles.

What To Do If You Get Doxxed?

The concern of what to do if you get doxxed is more real than ever, as complaints of doxxing continue to be made by people who were doxxed via popular platforms such as Discord, Reddit, and Twitter. More and more people are searching on Google to find answers about what is doxxing and what to do if they get doxxed. 

Getting doxxed can be scary and anxiety-inducing, to say the least, and people are often left shocked and not knowing what to do.

Hopefully, you will never have to experience a doxxing attack. However, you can take measures and actions to lessen the impact and harm after getting doxxed.

To assist with this effort, we have made a list of tips and actions you can do in the hours after getting doxxed. 

Steps You Should Take After Getting Doxxed

• Contact the website or forum where your information has been leaked and posted for everyone to see. Most of these websites should have a support page or knowledge base with instructions on how to request the info to be taken down. Some larger platforms, like Facebook and Twitter, have unique app functionality for you to report fake accounts and doxxing and make take-down requests. 
• Document every instance of the doxxing attack by keeping track of what info was doxxed and where. You should take screenshots and make a list of all the web pages and social media profiles, which is the evidence you need to convince the website to take down your doxxed info. Unfortunately, websites often are hesitant to take down doxxed information, which makes this evidence all the more crucial. 
• If the doxxing revealed your banking or credit card info, you should contact the financial institutions. They can freeze your card and issue you a new card that has new account numbers and new pin codes on them. Otherwise, someone can drain your bank account using your debit card, which is a serious crime.
  You can often lock a debit or credit card without calling the number on the back of your card by using a credit card or banking app, which you can download to an iPhone or Android device. Although, you must log in to the app using your account ID and password to accomplish this.
• Contact the local authorities, such as your local police or Sheriff’s department. Depending on the criminal elements involved, they may be able to help you. 
• Change your passwords to all your online accounts, including email addresses that were not doxxed. 
• Review your online accounts’ security and privacy settings and set two-step authentication if possible. This can help prevent additional sensitive information from being leaked.  
• Be easy on yourself. It is not your fault, even if you were careless with your account info. You can reach out to people you trust for help and emotional support. Telling your loved ones about the situation can help immensely following a doxxing. If you encounter unpleasant and hurtful things online, don’t beat yourself up, as being hard on yourself will not solve the situation. 
• Schedule an initial consultation with an attorney to learn your legal options, including whether they advise you to sue.

How Can Doxing Affect the Victim?

Doxxing can have severe consequences and impact on the victim. Emotional distress, loss of reputation, public shaming, severed relationships, termination from the workplace or other institutions, hate comments & harassment are some of the effects of doxxing.

It can damage the victim, such as causing emotional instability, depression, and the tendency to self-harm in dire cases. 

How To Avoid Getting Doxxed?

According to SafeHome.org, “Over 43 million Americans have been doxxed, resulting in lost friends, jobs, and identities.” Doxxing, although a reality since the 1990s, has worsened since the social media revolution began some 15-plus years ago.

There are proactive measures you can take, which are also the answer to the question, “What are things you can do to prevent doxxing?”

How To Prevent Doxxing

• Although ironic, self-doxxing is one way to get started. A simple Google search will reveal how much information about you is readily available online. You should search your name, street address, phone number, and email address to investigate what personal information of yours is already available to potential doxxers online. You should remove the personal info immediately. Doxxers can use that info to help them locate and doxx more sensitive data.

• Keep your online accounts secure. You should frequently change passwords and use strong passwords by having a unique and hard-to-guess password for each account. Not doing this is a common mistake people make out of laziness, as they tend to use one password across multiple accounts because “it is hard to remember all of them.” This leads to huge vulnerabilities. 
• Be careful sharing your accounts and passwords among family and friends. The more a login circulates, the more likely it is to fall into a doxxer’s hands.
• Use a password manager app like LastPass, 1Password, or DashLane. 
• Avoid oversharing on social media. Don’t divulge sensitive information such as passwords, flight boarding passes, travel itineraries, or your locations. It’s also wise to delete social media accounts you no longer use. 
• Use a VPN (virtual proxy network) service to avoid disclosing your location via your IP address.
• Don’t use shared Wi-Fi networks at the airport or hotel lobbies. These free wireless internet connections are not secure and pose a significant risk. Hackers can steal your info if you connect your device to an unsecured Wi-Fi network. A solution, although not perfect, is to use a VPN app while using an unprotected connection.
  

• Wherever possible, enable Multi-Factor authentication as a requirement to log in. 
• Set up alerts in the website or app’s security settings to be notified of when an unrecognized device accesses your account. 
• Create a Google alert for your name and its variants by including your middle name, middle initial, or a suffix (For example, Jr. or Sr.).
• Sign up for a subscription to a personal data removal service, such as DeleteMe. I have been a subscriber to DeleteMe’s annual family plan for two years, and I can attest from personal experience that it works impressively well for the relatively low price.

Can a VPN Prevent Doxxing?

Yes, a VPN or Virtual Private Network can help prevent doxxing. VPN services hide your actual IP address, which will make it next to impossible for a hacker to identify your IP address or ISP (internet service provider), which they use to get your physical location and other details about you.

Expert Tip About VPN: IoT expert Vikas Kaushik, CEO of TechAhead, gave us advice about why companies should use VPNs and educate employees about phishing.

Vikas Kaushik drew upon his more than a decade’s worth of relevant industry experience to share the following words of preemptive caution.

Consider using a reputable VPN service to protect your IP address. Stay vigilant about phishing attempts and educate your team to recognize and report suspicious online activities. Taking these precautions reduces the risk of falling victim to doxxing threats.

Is Doxxing Illegal?

No, in the strict sense doxxing as a standalone act is not illegal or a crime in the United States. However, there are laws in place across different states in the US that address cyberattacks, stalking, and harassment.

The violations that these laws address often accompany doxxing, which means you can often find doxxing as an act used to commit many types of prosecutable offenses that can land you in jail, such as:

How Doxxing Can Lead To Jail Time?

The following is a list of crimes that people who doxx may find themselves being sent to prison if found guilty:

• Harassment
• Cyberstalking
• Identity theft
• Inciting violence
• Invasion of privacy

Some states, such as California, have enacted additional statutes which address cyberbullying and harassment by making it a criminal misdemeanor for any individual to use electronic devices such as computers to threaten another person or intentionally cause them harm in any manner.

Although these laws do not address doxxing directly, they are applicable as doxxing can be a critical factor in cyberbullying and cyberstalking cases.

Can You Sue For Doxxing?

Yes, it is possible to sue someone for doxxing, especially if they post private and personal data of yours. You can bring a tort, which is a type of civil suit against the people who doxxed you. When you bring a lawsuit against doxxers, you can claim you should be financially compensated for the doxxing that was done to you.

This is why it is essential to be proactive and collect all of the evidence you can find. Online and offline evidence will strengthen your claim and chances of making it successful. 

Sue For Loss of Income and Damages Caused By Getting Doxxed

In addition to suing for your loss, which can include loss of income from the harm the doxxing caused to your reputation(losing clients), you can seek damages for intentional infliction of emotional distress. Emotional distress damage is a type of pain and suffering. 

In the case the doxxers confused you with someone else, you can still seek damages for the harm you suffered from the doxxing.

Can You Sue Your Doctor For HIPPA Violations?

No, you cannot sue a doctor or hospital for HIPPA violations that led to your getting doxxed, even if you suffered emotional distress. Although HIPPA is a set of guidelines made by the states for doctors to follow, they do not include provisions that allow patients to take civil action against medical providers.

On the other hand, medical malpractice suits allow patients to sue for alleged negligence and seek damages such as pain and suffering by holding the doctor and hospital liable for harm caused to them, such as botched surgeries.

Closing Statements On What Is Doxxing and How It Works

We at Express Legal Funding, a pre-settlement funding company based in Plano, Texas value upholding the law and condemn cyberbullying. To put this into action, we wrote this article to help people to protect themselves from being doxxed. 

If you found it insightful, we encourage you to learn from our other articles on the Express Legal Funding company blog. You can read in detail about what we do for our clients nationwide by providing them with pre-settlement funding.

About the Author

Author profile

Aaron R. Winston

Strategy Director at Express Legal Funding | Author Website

Aaron Winston is the Strategy Director of Express Legal Funding. As "The Legal Funding Expert," Aaron has more than ten years of experience in the consumer finance industry. Most of which was as a consultant to a top financial advisory firm, managing 400+ million USD in client wealth. He is recognized as an expert author and researcher across multiple SEO industries.
Aaron Winston earned his title "The Legal Funding Expert" through authoritative articles and blog posts about legal funding. He specializes in expert content writing for pre-settlement funding and law firm blogs.
Each month, tens of thousands of web visitors read his articles and posts. Aaron's thoroughly researched guides are among the most-read lawsuit funding articles over the past year.
As Strategy Director of Express Legal Funding, Aaron has devoted thousands of hours to advocating for the consumer. His "it factor" is that he is a tireless and inventive thought leader who has made great strides by conveying his legal knowledge and diverse expertise to the public. More clients and lawyers understand the facts about pre-settlement funding because of Aaron's legal and financial service SEO mastery.
Aaron Winston is the author of A Word For The Wise. A Warning For The Stupid. Canons of Conduct, which is a book in poetry format. It consists of 35 unique canons. The book was published in 2023.
He keeps an academic approach to business that improves the consumer's well-being. In early 2022, Aaron gained the Search Engine Optimization and the Google Ads LinkedIn skills assessment badges. He placed in the top 5% of those who took the SEO skills test assessment.
Aaron's company slogans and lawsuit funding company name are registered trademarks of the United States Patent and Trademark Office. He has gained positive notoriety via interviews and case studies, which are a byproduct of his successes. Aaron R. Winston was featured in a smith.ai interview (2021) and a company growth case study (2022).
In 2023, Aaron and Express Legal Funding received accolades in a leading SEO author case study performed by the leading professionals at WordLift. The in-depth data presented in the pre-settlement funding SEO case study demonstrate why Aaron Winston maintains a high-author E-E-A-T. His original writing and helpful content continue to achieve unprecedented success and stand in their own class.

Aaron was born in Lubbock, TX, where he spent the first eight years of his life. Aaron attended Akiba Academy of Dallas, TX.