What is Doxing?

May 13, 2025

Cybersecurity might as well have its own language. There are so many acronyms, terms, sayings that cybersecurity professionals and threat actors both use that unless you are deeply knowledgeable, have experience in the security field or have a keen interest, one may not know. Understanding what these acronyms and terms mean is the first step to developing a thorough understanding of cybersecurity and in turn better protecting yourself, clients, and employees.

In this blog series, we aim to explain and simplify some of the most commonly used terms. Previously, we have covered bullet proof hostingCVEsAPIsbrute force attacks, and zero-day exploits. In this edition, we dive into doxing.

This blog aims to provide a comprehensive overview of doxing, its implications, and strategies to safeguard against it.

Doxing 101

Doxing, derived from the phrase “dropping documents,” is the act of publicly providing PII and other data about an individual or organization without their consent. In recent years, this has predominantly been done using the internet and is a process that began in the late 1990s. The act of doxing an individual in of itself is not illegal depending on how the information shared is obtained. Most data shared is likely obtained from data brokers and social media sites. Although, others are obtained through illegal means. Regardless of the way the data is obtained, the purpose and outcomes are usually nefarious and used for online shaming, extortion, targeting, stalking, and hacktivism operations.

Targets of Doxing

Anyone can be a target of doxing. Celebrities and politicians are often targets, employees of prominent organizations, and law enforcement agencies and officers. For instance, during the 2019–2020 Hong Kong protests, both pro-democracy activists and police officers were doxed, leading to harassment and threats against them and their families. Another notable example is the doxing of a New York Times reporter who revealed the identity of the person behind the “Libs of TikTok” Twitter account, leading to significant backlash. Business leaders and employees, especially those associated with contentious industries or decisions, can be targets. A website named “Dogequest” reportedly published personal details of Tesla owners across the U.S., aiming to shame and intimidate them due to Elon Musk’s political affiliations. Unfortunately, ordinary citizens can become victims, especially in cases of personal disputes, online arguments, or as collateral damage in broader conflicts.

Resources Used to Dox

Doxers use a multitude of sources and resources to dox. The graphic below is a great outline and resource from Homeland Security.

Consequences of Doxing

Although this information is posted online, it can have very real consequences for the individuals whose information is posted. An impact of doxing is identity theft and financial crime, as all information about an individual is provided, criminals can use this data to conduct financial crimes. This can be a difficult thing to identify and recover from, with funds often taken before an individual even knows their data has been shared.  

The posts can also cause reputational damage, sharing information an individual may not want shared with their friends and family. There is also the possibility that material could be shared which may affect an individuals employment status.  

Furthermore, this data can be used to stalk and harass individuals, some of the posts on Doxbin actively encourage others to target individuals. This can leave the victims open to threats of physical violence as well as the trauma of knowing that someone knows where they live and work and could attempt to contact them at any time. Victims are often also subjected to harassment through prank/harassing phone calls, spam emails, and online harassment and cyber bullying through social media. 

These threats can have a lasting emotional impact on individuals.   

Real Life Example

Site Spotlight: Doxbin

In our marketplace, site and actor spotlight series, we highlighted Doxbin. You can check out the full write up on it here, which offers an in-depth examination of the controversial paste site known for facilitating the publication of personal information.

To summarize, Doxbin is a paste site that allows users to post personal identifiable information (PII) about individuals, often without their consent. Originally operating as a Tor-based .onion site, Doxbin has since transitioned to the clearnet and maintains an official Telegram channel, broadening its accessibility while retaining its association with underground communities.

Doxbin facilitates doxing by allowing users to upload text-based content related to individuals. The site claims to restrict content that is spam, child explicit material (CSAM), or violates the hosting country’s jurisdictional laws. However, in practice, there is minimal moderation, and information is often shared with the intent to target individuals.

The exposure of PII on Doxbin can lead to severe consequences for victims, including harassment, identity theft, and threats to personal safety. Victims may also be subjected to harassment through prank calls, spam emails, and cyberbullying on social media.

How Can I Protect Myself?

While it’s impossible to eliminate all risks, certain measures can reduce the likelihood of being doxed:

  • Limit Personal Information Online: Be cautious about the details you share on social media and other platforms.
  • Enhance Privacy Settings: Adjust settings on social media accounts to restrict who can view your information.
  • Use Strong, Unique Passwords: Implement robust passwords and consider using a password manager.
  • Enable Two-Factor Authentication: Add an extra layer of security to your accounts.
  • Monitor Your Digital Footprint: Regularly search for your name online to identify and address potential exposures.
  • Be Wary of Phishing Attempts: Avoid clicking on suspicious links or providing information to unverified sources.

Doxing represents a significant threat in the digital era, emphasizing the importance of proactive measures to protect personal information. By understanding the tactics used by doxers and implementing robust security practices, individuals can better safeguard their privacy and well-being. As always, if you are a victim of online crime, file a complaint with the FBI’s Internet Crime Complaint
Center (IC3) at ic3.gov.

Curious to learn more? Contact us.

Explore the Products

Button Product Vision
Vision UI ›
Button Product Search
Search API ›
Button Product Entity
Entity API ›
Button Product Score
DarkSonar API ›
Button Product Score
Score API ›
Button Ransomware API
Ransomware API ›
Button Product Datafeeds
Datafeeds ›

See why DarkOwl is the Leader in Darknet Data

Get a Demo
Get a Demo

Products

Services

Use Cases

Company

Copyright © 2024 DarkOwl, LLC All rights reserved.
Privacy Policy
DarkOwl is a Denver-based company that provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data. We shorten the timeframe to detection of compromised data on the darknet, empowering organizations to swiftly detect security gaps and mitigate damage prior to misuse of their data.