Doxing is the act of gathering information about a target individual or organization and making it public. The term is hacker-speak for documenting. As a rule, the data gathered is sensitive information that the target doesn’t want broadly known, for any of a number of reasons including customer privacy, compliance requirements and reputation management. The information may be gathered from publicly-available sources, through social engineering or through a hacking exploit.
Doxing is sometimes used for a type of extortion in which an attacker accesses the target’s sensitive data and threatens to make it public unless demands – usually for money – are met. Malware known as doxware or extortionware is often used to facilitate the exploit. Doxing is also sometimes used for legitimate purposes, such as aiding law enforcement. Other motives include cyberbullying, industrial espionage and harrassment, as well as the gray area of social and political activism.
The word doxing entered the broader public domain in 2011, when the hacktivist group Anonymous released information about 1500 users of child pornography sites. That same year, Anonymous published information about 7,000 law enforcement personnel in retaliation for investigations into the group’s hacking activities.