August 15, 2019
Suppose you were a celebrity who wanted to post a message to friends on social media, but still hoped to protect your privacy and identity. Maybe you would use a different name and photo on your Facebook or Twitter account. But in today’s online world, such amateur “covers” simply aren’t enough.
In fact, through a technique called “doxxing,” literally scores of famous performers and politicians have experienced the theft of their personal and financial information—only to see it posted out on the Internet for everyone to see.
Doxxing isn’t new. It’s been used by identity thieves for several years with great success.
How do they do it? They impersonate the celebrity that they plan on “outing” or embarrassing by gathering as much information as they can from a variety of sources, and then use that information to get access to more sensitive personal information, according to a blog by Christopher Budd of Trend Micro—a Japanese multinational cybersecurity and defense agency.
In fact, during just one week in March 2013, the financial information of a handful of celebrities was exposed by a mysterious website called “The Secret Files.” The stripped-down website posted the Social Security numbers, credit reports, birth dates, addresses, and phone numbers of celebrities and public figures—among them, Kim Kardashian, Britney Spears, Ashton Kutcher, Jay-Z, Tiger Woods, Mitt Romney, former Attorney General Eric Holder, former FBI Director Robert Mueller, and Hillary Clinton.
And to drive the point that technical savvy can’t seem to protect you from this, they’ve even posted information about Bill Gates.
The question becomes: What does this mean for us—the regular dweebs who use social media? And what should you do about it?
The good news is that these doxxing campaigns are clearly targeting famous and powerful people, and isn’t likely to directly affect any of us in the near term, according to Trend Micro. But this does highlight that your credit report has a lot of powerful information that you wouldn’t want publicly posted. So it’s a good time to take some steps to protect your information.
What you want to do is to ensure that you keep any information that you use to answer these types of security questions secret. Typically, you have a choice of what questions to answer, so only use questions for which the answers aren’t already public. Make sure your social media profiles are set to only show information to friends and you only “friend” people that you really know.
And, consider taking time and searching for yourself like an attacker would: Do searches on yourself and variations of your name, see what comes up—and if you find information out there that you didn’t know was out there and don’t want in public view, follow up to have it removed.