Doxing and Data Brokers

Everything your employees should know about doxing and data brokers

In August 2020, Comparitech researchers discovered an unsecured database that contained 235 million Instagram, TikTok, and YouTube profiles exposed online. These profiles were scraped by a data broker called Social Data without user consent. The exposed information consisted of names, ages, genders, profile pictures, account descriptions, follower engagement statistics, demographic information, as well as the nature of the profiles.

While the collected data was publicly available, it is still seen as a serious invasion of privacy. 

Here, we will discuss what doxing is, what role data brokers play in it, the different ways doxing can be conducted, how to defend against it, and how to respond to a doxing attack.

What is doxing?

Doxing is an act of cyberbullying that uses an individual’s private and sensitive information to harass, threaten, extort, or exploit them. Sometimes, these attacks can escalate and may result in injury or death. Thanks to digitalization, doxers now have an arsenal of resources on the internet to search and compile information about their targets, which they can then publish online. Information doxers commonly look for includes names, photographs, social media accounts, home addresses, phone numbers, workplace information, social security numbers, and credit card and bank account details.

Why should organizations care?

While doxing mainly targets individuals, organizations are also lucrative targets because they hold large databases of sensitive and confidential data about their businesses and projects. A doxing attack can significantly damage an organization’s reputation and financial performance.

Furthermore, the lines between work-related and personal devices and accounts are increasingly blurring. For example, 68% of employees in the US use instant messaging and business collaboration tools to share sensitive and business-critical company data. As we shift towards even higher interconnectedness, an employee is increasingly seen as a viable entry point to organizational data.

Unfortunately, doxing isn’t inherently illegal as most of the information used in these attacks is publicly available. However, it is highly unethical and even dangerous at times.

How does doxing work?

Anyone who has information about themselves online can be a target of doxing.

Username tracking: It is a common practice for people to use the same username across several accounts. This makes it very easy for potential doxers to search and collect information from a target’s account and compile information about them.

Phishing: This is a form of social engineering in which threat actors pretending to be a legitimate professional or organization contact victims via email, or ask them to click on a suspicious link and fill out sensitive information, in order to conduct malicious activities such as doxing.

WHOIS: If you own an internet domain name and your registration information is public, then anyone who runs a WHOIS search can easily access your personally identifying information.

Social media stalking: People usually share a lot of personal information on their social media accounts – which are often public. This information can include items like their schooling history, their workplace, likes and dislikes, location, etc. Doxers can use this data to find more about their targets, sometimes even using the collected information to answer security questions to break into other accounts.

Government records: Governmental websites contain databases of information like DMV records, business licenses, marriage licenses, county records, etc., which can be used in a doxing attack.

IP address tracking: Several methods may be employed to find a target’s IP address. Doxers can then use the newfound IP address to link their target to a physical location and launch a doxing attack.

Packet sniffing: Data travels across the internet in the form of packets. Hackers can intercept their target’s data, determine the kind of information within it, and use it for nefarious reasons. They can achieve this by connecting to a network, breaking past its security, and then grabbing the data moving across the network.
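
For the WHOIS item above, a defensive self-audit, added here as an example and not part of the original article: it parses the WHOIS text of a domain you own and lists the contact fields that still show personal data rather than a redaction placeholder. The sample record, the field list and the redaction markers are constructed assumptions; real registrar output varies.

```python
import re

# Contact fields that identify a person (assumed list; registrars name them differently).
PERSONAL_FIELDS = ("name", "street", "city", "postal code", "phone", "email")

# Substrings suggesting the value has been masked (assumed markers, extend as needed).
REDACTION_MARKERS = ("redacted", "privacy", "not disclosed", "data protected")

# Matches lines such as "Registrant Email: someone@example.test".
LINE_RE = re.compile(r"^\s*(Registrant|Admin|Tech)\s+([^:]+?)\s*:\s*(.*)$", re.IGNORECASE)


def exposed_fields(whois_text):
    """Return sorted (contact, field, value) tuples that are not redacted."""
    findings = set()
    for line in whois_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        contact, field, value = m.group(1).title(), m.group(2).lower(), m.group(3).strip()
        if field not in PERSONAL_FIELDS or not value:
            continue  # not a personal field, or nothing published
        if any(marker in value.lower() for marker in REDACTION_MARKERS):
            continue  # masked by the registrar or a privacy service
        findings.add((contact, field, value))
    return sorted(findings)


# Constructed sample record for a fictional domain (not real registration data).
SAMPLE = """\
Domain Name: EXAMPLE-CORP.TEST
Registrar: Example Registrar, Inc.
Registrant Name: Jane Q. Employee
Registrant Organization: Example Corp
Registrant Street: 12 Sample Lane
Registrant City: Springfield
Registrant Phone: +1.5555550100
Registrant Email: jane@example-corp.test
Admin Name: REDACTED FOR PRIVACY
Admin Email: REDACTED FOR PRIVACY
"""

if __name__ == "__main__":
    for contact, field, value in exposed_fields(SAMPLE):
        print(f"{contact:10} {field:12} {value}")
```

Any field it reports is a candidate for the registrar's privacy option or for replacement with a role contact instead of an employee's personal details.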

How to protect your organization from doxing through employee training

1. Teach your employees the importance of good password etiquette. This includes using strong, unique credentials for every account.

2. Encourage your employees to use VPNs while browsing the internet. 

3. Emphasize the importance of making their accounts private and only interacting with trusted users on social media platforms. Additionally, explain the importance of being selective about the apps that they give permission to access their data.

4. Regularly delete obsolete or unused accounts in your organization’s systems and networks.

5. Raise awareness about phishing scams and other forms of social engineering attacks.

How to respond to a doxing attack

Make sure you have a procedure in place for responding to a doxing attack, and that your employees are aware of it.

  • Report the incident: Immediately inform the necessary parties like your organization’s security department about the situation. If the matter escalates, it’s time to involve law enforcement.
  • Document everything: Proof is everything. Make sure you take screenshots and save or download pages where your information is posted, along with the date and time. This makes it easier for investigators to find the culprits of the attack.
  • Secure your accounts: Increase privacy settings, change your passwords, and, if required, lock down your accounts to prevent any further attacks. Additionally, contact your bank or credit card company to prevent any financial mishaps.
  • Be on high alert: Monitor your online presence for any kind of fraudulent activity like data theft or identity theft.
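
One way to carry out the "Document everything" step, added here as an example and not part of the original article: each saved page or screenshot is logged with its SHA-256 hash, size, source URL and UTC capture time, and a second function later confirms that the files still match the log. The function names, log format and sample URL are assumptions made for this illustration.

```python
import hashlib
import json
from datetime import datetime, timezone
from pathlib import Path


def record_evidence(file_path, source_url, log_path, captured_at=None):
    """Append one entry (hash, size, URL, UTC time) to a JSON Lines evidence log."""
    data = Path(file_path).read_bytes()
    when = (captured_at or datetime.now(timezone.utc)).astimezone(timezone.utc)
    entry = {
        "file": Path(file_path).name,
        "sha256": hashlib.sha256(data).hexdigest(),
        "size_bytes": len(data),
        "source_url": source_url,
        "captured_at_utc": when.isoformat(),
    }
    with open(log_path, "a", encoding="utf-8") as log:
        log.write(json.dumps(entry, sort_keys=True) + "\n")
    return entry


def verify_evidence(evidence_dir, log_path):
    """Return names of logged files that are missing or no longer match their hash."""
    problems = []
    for line in Path(log_path).read_text(encoding="utf-8").splitlines():
        entry = json.loads(line)
        path = Path(evidence_dir) / entry["file"]
        if not path.is_file():
            problems.append(entry["file"])
        elif hashlib.sha256(path.read_bytes()).hexdigest() != entry["sha256"]:
            problems.append(entry["file"])
    return problems


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:
        page = Path(tmp) / "post.html"
        page.write_text("<html>constructed sample of a saved page</html>")
        log = Path(tmp) / "evidence.jsonl"
        # Hypothetical URL standing in for the page where the data was posted.
        print(record_evidence(page, "https://forum.example/post/1", log))
        print("changed or missing:", verify_evidence(tmp, log))
```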