Right now there’s one club that some major public figures and celebrities wish they weren’t members of, and that you don’t want to join either: the doxxing club. Famous victims have had their detailed personal information stolen via “doxxing” and posted on the Internet for all to see.
Doxxing is a new form of identity theft where attackers try to impersonate you by gathering as much information as they can from a variety of sources, and then use that information to get access to more sensitive personal information. For example, reports tell us that attackers are doing this by targeting the free credit reporting site Annualcreditreport.com.
Over the past week, we’ve seen personal information for celebrities like Ashton Kutcher, Jay-Z, Tiger Woods, Britney Spears, and Kim Kardashian revealed online. As if to show that they can get to people we would expect to have better protection, the attackers have also posted information about political figures like Michelle Obama, Hillary Clinton, Mitt Romney, Attorney General Eric Holder, and FBI Director Robert Mueller. And to drive home the point that technical savvy can’t seem to protect you from this, they’ve even posted information about Bill Gates.
It’s not just the leaking of a phone number and address. This is the exposure of detailed, comprehensive personal and financial data. The bad guys are posting phone numbers, addresses, credit reports, birth dates, and social security numbers. This is enough information to easily facilitate complete identity theft.
It’s enough to give everyone pause.
The question becomes: What does this mean for you? And what should you do about it?
In the case of Annualcreditreport.com, the site asks you for a number of pieces of personal information to verify your identity. It asks for your social security number, your phone number, and your address. It also asks you questions that we’re told help make this process more secure: questions that supposedly only you know the answer to. This is where doxxing comes into play.
A typical example of the type of question we’re talking about is “Your mother’s maiden name” or “Your high school mascot.” In a time before social media and massive information sharing, these kinds of questions were more secure than your social security number (which is broadly shared no matter how much we try not to share it). But these days, things are different, thanks in part to social media. For instance, if you have a publicly viewable Facebook profile and you list your parents, I may see your mother’s maiden name in her profile name. If you list your high school on your profile, it’s an easy thing for me to go look up what your school mascot was.
The good news about doxxing
The good news is that these doxxing campaigns are clearly targeting famous and powerful people and aren’t likely to directly affect you in the near term. But this does highlight that your credit report has a lot of powerful information that you wouldn’t want publicly posted. So it’s a good time to take some steps to protect your information.
Make sure you keep secret any information that you use to answer these types of security questions. Typically, you have a choice of which questions to answer, so only use questions whose answers aren’t public. Make sure your social media profiles are set to show information only to friends, and only “friend” people that you really know.
Also, consider taking the time to search for yourself like an attacker would: do searches on yourself and variations of your name, see what comes up, and if you find information that you didn’t know was out there and don’t want in public view, follow up to have it removed.
You may be surprised at what you find
One trend I’ve noticed lately in particular is sites putting your information out there from public records searches: the information has always been public but this practice makes it much more accessible than before. Like me, you may be surprised at what you find when you search for yourself.
Finally, given these attacks and the amount of information in them, make sure you specifically review your online credit report accounts and the security questions you’ve used to access them.
This spate of public posting of personal information shows the risk of being a public figure. Most of us don’t have to worry about that. But it also shows the risks of having so much information accessible online. It underscores that we have to take an active role in monitoring our online information ourselves and take steps to prune back information we don’t want out there.
I work for Trend Micro and the opinions expressed here are my own.