In 2020, video game retailer GameStop’s stock hovered at low prices well under the $20 mark. This changed suddenly when market commentator Andrew Left of Citron Research covered the stock in a controversial short sale report and ended up being a victim of doxxing as a result. His personal information was posted in a Reddit group, and Left alleged that members hacked his Twitter account, harassed his family, sent food deliveries to his home, and even signed him up on Tinder.
Left, the founder of Citron Research, publicly called out GameStop as a dying business, a mall retailer struggling to stay afloat due to competition from digital video game sellers and reduced business during the pandemic. Left predicted its stock prices would fall dramatically, leading many investors to short sell – borrow shares and sell them off with the intent to repurchase them at a lower price in the future.
Wall Street Bets, an online Reddit community already at odds with Left and Citron Research over other issues, wasn't happy. So the group encouraged its investors to purchase in droves to bring the GameStop stock price up and thwart Citron’s short sale strategy. And it worked: the strategy drove the prices up suddenly, and short-sellers lost a boatload of money.
But the Reddit group didn't stop at bringing the stock prices up. Some members were more concerned with bringing Andrew Left down, encouraging others to do the same.
What happened to Andrew Left was doxxing. Unfortunately, the potential for doxxing is growing as we share increasing amounts of information and our lives become more digitally oriented.
Doxxing refers to finding and revealing an individual’s private personal information online with malicious intent. This information includes home or work address, phone numbers, email addresses, financial information, images, and more.
A cybercriminal, or someone with a bone to pick, can gain access to personally identifiable information (PII) in a variety of ways, including hacking, social engineering, searching public data found online, purchasing from data brokers, and searching the dark web.
Anyone can be a victim of doxxing. According to a 2021 SafeHome report, 21% of Americans – that’s over 43 million people – have been personally affected by the practice. While the reasons for doxxing vary, it often occurs as a result of an online interaction gone bad, as it did for Andrew Left in the GameStop situation.
This is especially true as our world becomes more volatile and highly politicized. People are often more brazen behind a screen than they would normally be in personal interactions. In many cases, angry, offended, or disgruntled individuals can find the information they are looking for through a quick Google search or by purchasing it inexpensively from a people-search site. Then, they intentionally share personal data to publicly humiliate a person, harm their reputation, or harass them, online or in person.
Sometimes, doxxing results in harm coming to someone because of mistaken identity. This was the case in 2013, when Sunil Tripathi was mistaken for the bomber at the Boston Marathon. Sadly, it turned out he had taken his own life, possibly before the event, but his family had to deal with a grievous amount of harassment from the public until his body was found.
In 2021, an Australian teen and her family dealt with heartbreaking harassment and threats when doxxers mistook her for the poster of a viral video that was deemed racist.
There are many cases of high-profile celebrities being doxxed in the last several years. Some cases of doxxing result in little personal impact, but it can frequently lead to personal embarrassment, job loss, and damaged reputations. In some situations, it can even end in physical harm and death.
At a corporate level, doxxing of an employee or company executive could lead to loss of sales for the business, a damaged brand reputation, and difficulty retaining top talent. At the very least, a company could be seen as an unsafe place to work or one that doesn’t back its employees.
Personally, we give away a surprising amount of information without batting an eye, from signing up for newsletters, to online shopping, to participating in credit card and retail loyalty and rewards programs.
The information we reveal may seem innocuous at the time, but many of the sites we share it with compile and sell that information. Add that to the photos and personal details we share on social media and publicly available information like property records, obituaries, and wedding announcements, and the amount of sensitive information out there is staggering.
In Andrew Left’s case, doxxing may have been preventable. If his personal information wasn’t as easily available, it may not have been posted in the Reddit group and the resulting harassment may not have occurred.
To protect your company and your employees, there are steps you can take.
Add a staff education component to your company’s cybersecurity goals and processes. Ensure your employees understand the impact of sharing PII, in their personal and work online activities. Help them to understand their risks and responsibilities with respect to cybersecurity. Provide strategies they can use to protect themselves and their data, at home and at work, such as:
Every employee has the right to a safe workplace outside the office. Consider increasing the safety of your employees and executives with an online monitoring and PII deletion service like PrivacyBrain.
PrivacyBrain continuously removes exposed personal information on public sites and reports the progress of the employee data removal in an intuitive dashboard.
Start offering a safer online environment to your employees today. Our team would love to help you.