Online disagreements among young people can easily spiral out of control. Parents need to understand what’s at stake.
27 Nov 2025
•
,
5 min. read
The digital world offers countless opportunities for self-expression, learning and personal development, but it’s also a place where grudges are easily harbored, disagreements can often spiral, and intimidation, harassment and revenge are never far away.
Often, doxxing is the primary way online retaliation manifests. It sounds innocuous enough, but could have a significant impact especially on your child’s mental health and physical safety. Minimizing the chances of it happening may require a change in online behavior – for you and your kids.
What is doxxing?
Doxxing (doxing) is what happens when a malicious third party deliberately exposes the personal information of someone else online. It could be their name and email/home address, employment details, financial and health records, or even information on family members. Anything is fair game in the world of doxxing.
Why do they do it? Usually as some form of retribution against the victim. It could be an ex-partner, or someone who feels they’ve been wronged by the victim in the physical or digital world. Revenge is a powerful motivator, but it’s not the only one. Doxxers might also expose their victims in order simply to bully or silence them.
On some occasions, the doxxers’ goal may be to extort money out of their victims or others. In one recent case, ransomware actors released the names, address and photos of young children they had stolen from a London nursery group, in order to pressure it into paying a ransom. On other occasions, the doxxer might believe they have the moral high ground – for example, by releasing secret records in what they think is the public interest.
How does doxxing work?
Whatever the motivations, doxxing attacks usually start with reconnaissance on the target. The doxxer will first need to find the information they want to share with the world. They might do so by digging into the victim’s social media account for locations that they frequently visit, workplace/school details, or other personal information. Some of this may be easy to find, especially if the two parties follow each other online. Otherwise, the aggressor may be able to take advantage of open profiles or poorly secured accounts to access them.
More sophisticated doxxers might also search for the victim’s online monikers or usernames across multiple sites, in order to amass more information on them. They might make use of public records that store things like marriage licenses and court records. Or query WHOIS databases that store the personal details of website/domain name registrants. There are also plenty of reverse lookup services online that return linked information if a doxxer inputs certain details on a target.
The most intrusive form of intelligence gathering is barely distinguishable from that of a common cybercriminal. It would involve sending phishing messages to the victim in order to trick them into divulging logins or personal information, or installing infostealing malware on their machine/device. Cybercrime forums are another source of illicit personal information – in this case, data that has come from a breached organization, or been lifted in historic infostealer attacks.
What are the risks?
Depending on the motivation of the aggressor and the information they publish, doxxing can range from a minor irritant to a major psychologically and emotionally damaging event. That’s especially true of children, who may be more vulnerable to such incidents.
Young people, and especially adolescents, have less emotional resilience, and are especially sensitive to feelings of shame and embarrassment. Plus, many spend a large part of their lives socializing online, where acceptance by peers is everything. That can amplify the toxic impact doxxing can have on self-esteem, isolation and anxiety.
The impact is not just psychological and emotional. Some doxxers use their online efforts to intimidate their victims physically, with the implicit threat that more bullies will “pile on” by using and sharing their details elsewhere. At the extreme end of the spectrum are “swatting” attacks, where doxxers share their victim’s details with law enforcement, calling in a fake bomb or terror threat. This can lead to a terrifying armed police response, potentially putting the victim’s life in danger.
Above all, remember that the internet has a long memory. Any personal information revealed today may remain online for many years to come – following a victim into adulthood, where it could impact their higher education or job prospects.
Minimizing the doxxing threat
The best way to reduce your children’s exposure to doxxing is to minimize the amount of personal information their share online. That means sitting down and updating their privacy settings on social media, switching off geolocation, and regularly purging any unwanted followers.
You should encourage them only to accept people they know (and like) in real life as online friends. All accounts should be protected by strong, unique passwords (stored in a password manager) and multifactor authentication (MFA), to mitigate the risk of phishing/infostealers.
You can also help by doing some internet research; searching for their name online. If you don’t like the results, consider submitting requests to the platforms/websites in question to have them removed. If you’re a “sharenter,” pay close attention to what you post about your kids. Never share their personal details, or even photos that could identify school and location.
Consider also a more general chat about doxxing, and the dangers of sharing personal info and getting into disputes online. Communication is critical. Your child should always feel supported and heard. And they should know that, when they come to you with a question or concern, you’ll listen and look for solutions, rather than get angry.
What to do if you’ve been doxxed?
If the worst happens, stay calm, don’t engage with the doxxer, and work through the following:
- Document all the evidence, screenshotting any posts or threats, and where personal information was leaked.
- Contact the police immediately if there has been a threat of physical violence made against your child.
- Report the incident to the relevant social media sites, as it will most likely violate their terms of service, or to the hoster/site owner (if a fixed web site).
- Consider contacting Google with a removal request, which will mean personally identifiable information shared by the doxxer won’t appear in search results.
- If you suspect your child’s account has been hacked, change the password, enable MFA and change the privacy settings to the highest level.
- Above all, be there for them. Listen to their concerns and remind them it’s not their fault.
Doxxing can be an extremely upsetting experience, even for the most resilient youngsters. Get ahead of the threat today, and hopefully you’ll never need to take emergency steps tomorrow.
