InfoSec Blog - Doxxing Can Ruin Your Life

June 9, 2017

Stop and think for a minute about how much information about you is online right now: Do you have a Facebook page? What about LinkedIn? Did you post any tweets today, or retweet someone else's message? Have you been part of an event where there are pictures of you or does your name appear in a participant list? Written any blogs or responded with comments to news articles? Filled out any online petitions? 

Take another minute and put your name into Google. Make sure you look at the 'Images' tab as may be surprised what you find.


What is Doxxing?

While the internet is a great place to share things about our lives with family and friends, it also has a dark side where a certain segment of the population will look to use all of that information about you for nefarious purposes. Doxxing is a type of cyber attack that involves a malicious party gathering information about a person on the internet by analyzing all of the bits of information that is online and then broadcasting it to the public. Typically this is used to embarrass, punish, or shame someone for something they have done. 

These malicious parties are very resourceful and will use all the tools at their disposal, including logs to determine your location or metadata found in documents and photos. They can also use data breach information that has been made public. These data dumps contain a great deal of information which could include very personal information and even passwords.


How Do I Protect Myself?

  • Be careful what you post online and on social media. Once its out there, it's impossible to get it back.
  • Remember that documents and photos contain metadata which can provide information such as GPS location. 
  • Protect your accounts with unique and strong passwords.
  • Be careful who you 'friend' on social media sites.
  • Review privacy settings on social media sites on a regular basis. And utilize tools, such as Facebook's 'View As' functionality.
  • Delete any accounts you are no longer using.
  • If you find data online that you do not want public, request your data be removed from the site administrator.


Written by: Stephen Willem (Manager, CCS Information Security)