Imagine all your private information was posted somewhere. Your full name, social security number, home address, employer details and those of your relatives, personal phone numbers, ID, passwords, vehicle VIN numbers, and so forth. Imagine all that is out there for that unhinged psycho that you called an idiot in a Twitter debate three years ago to find and use as he pleases.
Doxbin claims that PHP code can’t harass anyone. People submit the information and they just keep it up. They don’t do any hacking or harassing. They’re as innocent as an arms dealer who sells AK-47s to ISIS. Both refuse responsibility for what they facilitate.
What is Doxbin?
Doxbin is a website that allows people to post personal information of other people they don’t like for offenses both real and imagined. The site has been around since 2011 in multiple iterations.
Doxbin claims not to publish any information obtained through illegal means though how anybody can get their hands on mortgage statements and the passwords of a target’s sister’s boyfriend legally is extremely questionable.
Doxbin does not comply with investigations or requests for information from law enforcement agencies. It uses multiple mirror sites (alternate URLs) to circumvent takedowns, something the site has suffered through a couple of times.
Who owns Doxbin?
Doxbin has a checkered history. The site as it currently exists is owned and operated by two people only known as Kt and Brenton.
Doxbin started as a darknet service run by a figure named Nachash. Nachash stepped down in 2014 following a takedown of the site in Operation Onymous, an international multi-agency sting operation allegedly using a zero-day exploit in the Tor system that took down dozens of darknet markets and hidden services.
Some time between 2014 and 2021, Doxbin came under the control of Kt and Brenton. In November 2021, Kt and Brenton sold Doxbin a person named White for $75,000. White “ruined” the site, whatever that means. His three-month reign was so terrible the community of doxxers bullied him into reselling it to the original owners for 20% of what he had paid.
White gave the site back to Kt and Brenton but retained Doxbin’s Twitter account and Discord server. Kt dislodged him from that Twitter account and the fight over it led to the account being permanently suspended.
White published Doxbin’s database and user logins in retaliation. The Doxbin community responded by doxxing him in turn. They posted all his aliases, address, phone numbers, parents’ details, and the special education school he was attending.
White turned out to be a 16-year-old autistic kid from Kidlington, UK, who had allegedly made $100 million in bitcoin from his helming of the ransomware group Lapsu$. British police, who had been monitoring the teenager for his involvement with ransomware attacks, arrested him shortly after he was doxxed. The case is ongoing.
How do you know if you have doxxed?
Searching a site like Doxbin for your name is a solid strategy but it’s neither practical nor sustainable. You can’t do it every day.
Knowing you’ve been doxxed depends on the extent of the information revealed. Some doxes will just have a full name and IP address. These are not that bad but Doxbin usually deletes them for being spam. The community likes in-depth doxes; the ones that show your bank balance and your grandmother’s Facebook password.
Doxes also vary. If you’re prominent on the internet, you will know reasonably quickly. Someone will tell you. If you’re a nobody like many of us, you’ll when you start receiving threatening messages from strangers who know more about you than they should.
You might also get a lot of prank calls, emails, and pizzas you didn’t order. There will be logins into your internet accounts so it’s a good idea to enable two-factor authentication on anything important. Your spouse and relatives are just as likely to be harassed as most doxes include family information. As one comment on Doxbin reads, “Dox everyone she knows. If we harass them they will pressure her to change.” In the worst-case scenario, people might start showing up outside your house. Some might even break in.
What to do if you’ve doxxed?
- Disable all compromised accounts.
- Change your passwords and phone number.
- Enable two-factor authentication on all sensitive accounts.
- Consider changing your usernames if you have to get back on social media.
- Use different passwords on different sites. Consider a password manager if you have a hard time remembering them.
- Move house if your address has been leaked and you can’t guarantee your own security.
It’s also a good idea to find out who doxxed you and try to address it. Sometimes it could be someone you know who might be doxxing you or collaborating with doxxers. That’s one of the few ways in which sensitive information like your social security number can make its way to a place like Doxbin.
How to get your dox off Doxbin?
This is usually impossible unless the site gets taken down. The best method is to find whoever doxxed you and have them delete the dox. That doesn’t guarantee the information will be gone. Someone could have saved it or screenshotted it. The information will still be out there. It can be reposted at any time. The best way to deal with a dox is to make the information irrelevant by changing things like your phone number, email address, and even your home address if you can.