EARLIER this year, a video surfaced online displaying photos of 87 alleged loan defaulters in Nigeria, accompanied by the caption, “Please settle your loan.”
Also on June 20, 2025, Yinka Theisen, wife of Linc Edochie, publicly shared May Yul Edochie’s phone number on her Instagram page, claiming it was in retaliation after May allegedly leaked her personal number earlier.
This act, which sparked outrage across Nigeria, not only raises concerns about privacy violations but also highlights how revealing an individual’s personal information could result into online harassment, cyberbullying, and online harm.
READ THIS: How to safeguard your organisation from being a disinformation campaign target
In today’s increasingly digital world where personal information is often just a few clicks away, the act of doxxing has emerged as a dangerous tool for harassment and intimidation, mostly used by malicious actors.
Doxxing is the act of publicly revealing or publishing private, personal information about an individual typically without their consent with malicious intent. This personal information could include home addresses, social security numbers, and names of employers.
The term originated from dropping documents and has evolved to include a range of tactics aimed at exposing sensitive data like full names, home addresses, phone numbers, email addresses, workplace information and private conversations or photo.
Often, the goal is to shame, threaten, or cause real-world harm such as job loss, stalking, or physical harassment.
Is doxxing illegal?
The legality of doxxing depends on jurisdiction and the type of information shared. In many countries, sharing publicly available information like a company email may not be illegal on its own.
However, doxxing becomes unlawful when it involves: threats, stalking, or harassment, leaking non-public information such as financial records, personal messages, violating data protection laws or terms of service and encouraging others to attack or harass the individual – a practice known as brigading.
A Lagos-based lawyer, Abulwasiu Mujeeb, explained in a report by The ICIR that publishing someone’s personal data without consent violates Nigeria’s data privacy laws. He cited Section 2.4 of the NDPR, which mandates that personal data must be processed lawfully and fairly, and Section 3.1, which prohibits using data beyond necessary purposes.
Mujeeb also referenced Section 24(1) of the Cybercrime Act, which criminalises online harassment, and Sections 34 and 37 of the Nigerian Constitution, which guarantee dignity and privacy, respectively.
In many cases, doxxing is used as a tool of online retaliation, punishing people for expressing their opinions, reporting on controversial topics, or simply having a public presence.
Doxxing can happen to anyone, but journalists, activists, public officials, women, and minorities are disproportionately targeted.
Doxxing as a form of information disorder
Doxxing is not just a form of harassment, it’s often tied to misinformation and disinformation campaigns. False claims or manipulated contents are sometimes used as a justification to expose an individual.
Unlike misinformation or disinformation which involve false or misleading content, doxxing falls under a category called malinformation.
In cases of malinformation, the information being shared is true, but it is deliberately exposed or used to cause harm to a person, group, or organization.
Praise Cole, a fact-checker with DUBAWA, explains that malinformation is dangerous because it takes something that is true and twists its purpose.
“It could be the utterance, statement of a person, data, material or document related to the person using that particular piece of information for malicious intent against that person to harm the reputation of the person in question often to damage someone’s reputation, incite harassment, or endanger their safety. It’s not about whether the information is correct—it’s about how it’s used,” he said.
DON’T MISS THIS: What is the position of law on doxing ‘loan defaulters?’
He stressed that doxxing becomes particularly dangerous in sensitive periods like elections, where true details about public figures, such as past statements, documents, or scandals are reshared or reposted, often selectively or out of context, to manipulate public perception and sway political outcomes.
“We often see this play out in the political space, especially during elections, where opposition parties dig up authentic information about a candidate, perhaps relating to scandals or allegations of misappropriation of funds and use it to damage the person’s reputation.
“Such tactics are aimed at influencing public perception and swaying opinions during critical periods like elections,” Cole added.
Speaking with an official from the Nigeria Data Protection Commission (NDPC), Itunu Dosekun, stated that the NDPC Act prohibits doxxing and also provides avenue for victims seeking redress and punishment for offenders.
“Yes the Act prohibits it, and we always ask citizens to report any breach of their privacy to the Commission. We have several means, including through email (info@ndpc.gov.ng), our social media handles, and letters can be sent physically to the office,” Dosekun said.
How to stay safe from doxxing online
While no method is foolproof, following these tips could help you stay safe from doxxing online:
1. Limit public exposure
One of the most effective ways to protect yourself from doxxing is by limiting the amount of personal information you make publicly available online. Doxxers often rely on details people unknowingly share to build profiles about them.
Avoid posting sensitive details such as your home address, phone number, personal email address, or information about your family, workplace, or school on public profiles. Even photos can give away more than you realise as images showing your house, street signs, or workspace can expose your location.
It’s also important to regularly review your privacy settings on social media, restricting who can view your posts and profile details, and disabling features like location tagging.
2. Use pseudonyms
Another effective way to safeguard yourself against doxxing is by using pseudonyms or separate professional email addresses when engaging online. Using your real name or primary personal email across multiple platforms can make it easier for malicious actors to link your online presence with your real-world identity.
Instead, consider adopting usernames or pseudonyms that don’t reveal personal details, especially on platforms where privacy is crucial. For professional engagements, create and use dedicated email addresses that don’t include identifiable information such as your full name or date of birth.
3. Enable two-factor authentication
It’s also important to strengthen the security of your online accounts by enabling two-factor authentication (2FA) and using strong, unique passwords. Two-factor authentication adds an extra layer of protection by requiring a second verification step, such as a code sent to your phone or generated by an app before granting access.
This makes it significantly harder for anyone to hack into your accounts even if they manage to obtain your password. Equally vital is the use of strong passwords that combine uppercase and lowercase letters, numbers, and special characters.
ALSO READ: Fact-checkers grapple with harassment, cyberattacks and financial instability globally – Report
How to verify social media profiles, pages
Avoid using easily guessable information like birthdays or common words. Using password managers can help you generate and store complex passwords securely, ensuring you don’t have to rely on your memory alone.
4. Avoid posting location data or identifiable details.
Another essential step in protecting yourself from doxxing is to avoid sharing location data or identifiable personal details online. Information such as your home address, workplace, frequent hangout spots, or even photos that reveal your surroundings can make it easier for malicious actors to track you down or piece together your identity.
Even seemingly harmless posts, like tagging your location in real time or sharing photos with visible street signs, house numbers, or landmarks can expose more than you intend. Turning off location tagging on your social media apps and being deliberate about the personal details you share can significantly reduce your vulnerability. Being cautious with what you reveal helps keep your personal life private and secure.
5. Report threats promptly
If you notice that your personal information has been exposed online or receive threats, it’s crucial to act quickly. Report the issue to the platform where the breach occurred—most social media websites have dedicated channels for handling abuse, harassment, or privacy violations.
Additionally, if the exposure involves serious threats to your safety, contact law enforcement agents like the Nigeria Police Force or the Nigeria Security and Civil Defence Corps (NSCDC). Prompt reporting not only helps take down harmful content but also creates a record of the incident, which can be vital if legal action becomes necessary. Acting swiftly can reduce the potential harm and help authorities or platforms intervene before the situation escalates.
For journalists and fact-checkers, using tools like Google’s Advanced Protection Program or privacy-first browsers (e.g., Brave, Firefox with add-ons) can offer extra layers of security.
Seasoned fact-checker and researcher Fatimah Quadri has written numerous fact-checks, explainers, and media literacy pieces for The FactCheckHub in an effort to combat information disorder. She can be reached at sunmibola_q on X or fquadri@icirnigeria.org.
