Doxxing — the act of discovering and then revealing personal information about a person online so they can be attacked — has become a sort of social media vigilante justice recently.
In days past, it was seemingly more prevalent among celebrities save for a few high-profile examples. However, more and more people who put their foot in their mouths on social media are being doxxed.
So, are you at risk for being doxxed? Let’s take a look at some examples of doxxing, how it is done, and what you can do to prevent it.
Examples of Doxxing
So, there have been several instances of doxxing throughout the years that have had very different results.
Back in 2013 TMZ broke a story of a group of celebrities that had been doxxed.
Seemingly, it was for no other reason that they are celebrities and the hacker had the ability to do so. Private details released included social security numbers, mortgage amounts, credit card numbers and information, car loans, and banking information.
But they’re celebrities and everyone can find out someone that public! Right?
Hang on. Do you remember Gamergate?
In 2014 a harassment campaign was launched against many females in the video game industry, but most notably game developers Zoë Quinn and Brianna Wu. Also pulled into the cross-hairs was feminist media critic Anita Sarkeesian.
Essentially, it all started when Eron Gjoni, Quinn’s former boyfriend, wrote a blog post about Quinn. Then the #gamergate hashtag began being used to falsely accuse Quinn of an unethical relationship with journalist Nathan Grayson.
Then came death threats and threats of rape as well as hackers taking control of some of the victims Twitter accounts, personal information was released, nude photos were leaked, and more.
Eventually, the victims had to leave their homes and go into hiding.
Some of those defending the victims were “swatted” in which doxxers find out your address and wrongly accuse you of a crime so police or SWAT show up. On occasion, this practice has proved fatal.
Just one year later, former Major League Baseball player Curt Schilling performed what is known as “revenge doxxing.”
A few unsavory individuals had tweeted offensive comments about his then 17-year-old daughter. He then wrote a blog explaining his outrage and how people on the internet can be tracked down. At the end, he said, “If you guys reading this that know how to find people on the ‘net want to have at it, please do.”
Of course, many of them were found either through his own searching or possibly through the help of some of the “guys who know how to find people on the ‘net.” Most who were found were kicked off their high school athletic teams, suspended, or fired from their jobs.
In the same year, the dentist who killed Cecil the Lion was found and his office’s website, address, and phone number as well as his home address and phone number, were posted on social media.
Many, many more cases can be listed (including ones in which the identities released turned out to be incorrect) but I think by now you get the point of what doxxing is and the damage it can do.
How doxxing is done
You’ve probably revealed plenty of information that, if someone wanted to, could be used to reveal your complete identity.
You’re probably saying, “No way! I’m not dumb! I’ve never posted my address, my phone number, or anything super personal like that!”
However, these internet sleuths don’t need those things to begin slowly narrowing down where you live, tracking down your number, or even your financial records.
Through your social media posts, you’ve revealed plenty. Think about it: Have you checked in anywhere? Do you have your job in your bio? Maybe you’ve just made posts saying things about regionally specific stores. Even stuff in the background of your photos can be revealing.
That’s all a doxxer needs to start unraveling the mystery of who you really are before releasing it to the masses.
If they’re really technologically advanced, they can use a technique called “packet sniffing.“
Packet sniffing is when a doxxer breaks into your Wi-Fi network and begins intercepting your data coming in and out of the network. In using this method, the hacker can actually see everything you’re doing in real-time simultaneously on their screen.
More common methods used are file metadata analysis and IP logging.
One of the more notoriously revealing metadata files are those created by Microsoft Office. If you’ve ever shared one of these documents, here’s how much information they can give away. All anyone has to do is right-click the file, go to properties and select details.
Photos you post can give away a lot more information than you care to reveal as well. When you take a picture with your smartphone, the image contains something called EXIF data (<- this link also shows how to disable it). Among all the information like file size and resolution will also be the type of phone used to take the photo, the time and date it was taken, and the location if you had your GPS enabled.
Then there’s IP logging in which hackers send a message or email with a code embedded and when the recipient opens the message their IP address is sent back to the hacker.
It could take some work, but your IP address can share your generalized location and even reveal some of your behavior online.
What can I do to prevent it?
OK, right about now this is probably you:
However, there are steps you can take to protect yourself.
One of which is using what is called a virtual private network (VPN). This encrypts your data and makes it virtually impossible to find your IP address.
Second, do not use those buttons that allow you to use Facebook or Google to log into their service!
Sure, it’s super convenient. But what you’re doing is giving the website all the information Google and Facebook has on you. Which, if you haven’t heard, is a lot.
If you have a website or blog, go ahead and pay the small fee to hide your personal information from the domain database search website WHOIS.
Finally, you need to start thinking before you post. Could someone use the information in the post to find you or receive personal information? Also, check your privacy settings and adjust them to your liking.
What to do as a business owner
If you are a business owner and you are worried about what could happen if you or one of your employees are the victim of one of these attacks, you are right to be concerned.
As I stated earlier, doxxing has been used against “everyday people” who say something inappropriate on social media, put their foot in their mouth, or simply share a different opinion.
Commonly, they will start alerting the person’s employer what’s going on and ask for them to be fired.
So, what should you do if one of your employees are getting doxxed?
First, you need to have a plan. We recommend having a social media policy in place. Make sure everyone knows your values and that your actions reflect those values.
Then, if an employee is being doxxed, and they truly did something bad, you can point to your company’s policy and say their actions don’t reflect your values.
What if their opinion isn’t harmful or discriminatory? What if you agree with what they said?
Then be prepared to defend your values.
Do you need help preparing for these things? 2oddballs Creative provides public relations help — including crisis communication — to help prepare for and manage crises when they happen.