Doxxing Cyber Crime and its Safety Measures

Doxxing (also spelled “doxing”) is the act of publicly exposing someone’s private information — real name, home address, phone number, place of employment, financial details — without their consent. The goal is almost always to harass, threaten, or intimidate the target. Doxxing is used against individuals, celebrities, journalists, activists, and corporate employees. While publishing public records is not always illegal, doxxing combined with threats or calls for others to harm the victim is a criminal offense in India.

What Is Doxxing Cybercrime?

The term “doxxing” comes from “dropping documents” or “docs” — the act of releasing identifying documents or information about someone online to enable harassment. Attackers typically gather information from multiple public and semi-public sources: social media profiles, data breaches, dark web databases, voter records, domain registration records, and previous data leaks.

The harvested information is then posted on public forums, social media, or messaging apps — often with a call for others to contact, harass, or target the person.

High-profile targets include politicians, social media influencers, and celebrities. However, anyone with an online presence is at risk — corporate employees, academics, and everyday users have all been targeted.

How Is Doxxing Done?

Doxxers use several techniques to gather personal information:

• Social media scraping: Extracting details from public posts — employer, location, family members, daily routines.
• Reverse image search: Identifying someone’s identity or location from photos they have posted online.
• Data breach databases: Purchasing or accessing credential dumps from previous breaches to link email addresses and passwords to real identities.
• WHOIS records: Looking up domain registration records if the target owns a website — these often contain name, address, and email.
• Phishing attacks: Sending spoofed emails to trick the target into revealing their address, phone number, or login credentials.
• IP logging: Embedding tracking links in messages to capture the target’s IP address and estimate their location.

Is Doxxing Illegal in India?

Doxxing sits in a legal grey area. Publishing genuinely public information — a government record, a court judgment — is not illegal. Doxxing becomes criminal when it:

• Is used to intimidate or threaten the target (IT Act, Section 66A — though Section 66A was struck down by the Supreme Court in 2015, related offenses fall under the IPC)
• Facilitates stalking (IPC Section 354D)
• Involves publishing private sexual images (IT Act, Section 66E)
• Incites others to commit violence or harass the target (IPC Section 503)
• Exposes someone’s financial information such as bank account or credit card details (IT Act, Section 43)

If you are a victim of doxxing, file a complaint at the cyber crime investigation unit or call the National Cyber Crime Helpline: 1930.

How to Protect Yourself from Doxxing

1. Use a VPN

A Virtual Private Network masks your real IP address, making it significantly harder for attackers to trace your location. Use a VPN whenever connecting to the internet, especially on public Wi-Fi. Avoid public Wi-Fi scams that may intercept your traffic.

2. Tighten Social Media Privacy Settings

Set your social media profiles so that only known connections can view your posts, location, and personal details. Disable location tagging on photos. Review which third-party apps have access to your profile — revoke permissions for any you do not actively use. Follow safe social media practices consistently.

3. Watch for Phishing Attempts

Doxxers frequently use phishing emails and fake login pages to extract personal details. No legitimate organization — bank, government agency, or employer — will ask for your home address or credentials via email. Always verify the sender’s domain before clicking any link.

4. Limit What You Share Online

Never publish your home address, workplace address, phone number, or financial details on social media or public forums. Use a separate professional email address for online registrations to limit exposure if any one account is breached.

5. Use Multiple Email Addresses

Maintain separate email addresses for different purposes: one for financial and banking accounts, one for professional contacts, and one for online services and app registrations. This limits the damage if a single email is compromised in a breach.

6. Use Strong, Unique Passwords

Reusing passwords across multiple platforms makes it easy for doxxers to access multiple accounts after a single breach. Use a password manager to generate and store strong, unique passwords for every account. Enable two-factor authentication on every account that supports it.

7. Set Up Google Alerts for Your Name

Create a Google Alert for your full name, phone number, and home address. This notifies you immediately if your information appears publicly online, giving you early warning of a doxxing attempt before it escalates.

What to Do If You Are Being Doxxed

1. Document everything. Screenshot all posts containing your information — including usernames, timestamps, and URLs.
2. Report to the platform. Report the content to Twitter, Facebook, Reddit, or wherever it appears. Doxxing violates the terms of service of all major platforms.
3. File a complaint. Report to cybercrime.gov.in or call 1930.
4. Alert your contacts. If your home address is exposed, let family members and neighbors know.
5. Contact a cyber expert. If the doxxing involves financial data, threats, or escalating harassment, contact a cyber expert in India immediately for professional assistance with evidence collection and legal action.

Common Questions About Doxxing

Is doxxing always illegal? No. Publishing publicly available records is not automatically illegal. Doxxing becomes criminal when it involves threats, harassment, or inciting others to harm the target.

Can police help with doxxing cases? Yes. File a complaint at your local cyber crime cell or through the national portal. Cases involving threats or financial exposure are prioritized.

How do I remove my personal data from the internet? Submit removal requests to Google, social media platforms, and data broker websites. Use WHOIS privacy protection if you own a domain name.