Leak Check Me
Sign inRun Leak Check
All privacy guides
what to do if doxxedMay 28, 2026Leak Check Me

You've Been Doxxed. Here's What to Do in the First 24 Hours.

A calm, hour-by-hour playbook for the first day after a dox: what to report, what to lock down, who to call, and how to start scrubbing the source.

Someone posted your home address. Or your phone number, or your workplace, or your family's names — usually with a thin coat of menace attached. This post is the playbook for the next 24 hours.

It is sober on purpose. Doxxing victims tend to read this kind of guide while shaking, so we have stripped out everything that isn't an action you can take. Bookmark it, share it, run the steps. You are going to be okay.

One-sentence answer: In the first 24 hours after being doxxed: don't engage publicly, screenshot everything, report to the platform and police, then lock down accounts and start scrubbing the broker sites the doxxer pulled your data from.

TL;DR

  • Hour 0: Don't reply, screenshot everything, tell someone you trust, call 911 if there's a credible physical threat.
  • Hour 1–3: Report to every platform hosting your info. File a police report even if you doubt it'll matter — paper trail.
  • Hour 3–12: Change passwords (most-exposed first), enable TOTP 2FA, lock down social privacy, set Google Alerts on your name.
  • Hour 12–24: File data broker opt-outs and Google's Results About You requests, consider mail forwarding for severe cases, get to a person who can listen.
  • Doxxing is a marathon. The first day is about containment and evidence, not full cleanup.

Hour 0 — Stop, screenshot, breathe

Resist the urge to reply. Engaging with the original post — even to deny something — almost always amplifies it. Threads with replies surface in more feeds.

Do these, in this order:

  1. Take a breath. Set a five-minute timer. You will think more clearly after.
  2. Screenshot everything: the post(s), the username and URL of the account that posted, the comments under it, any private messages you received. Capture full-page screenshots and include the timestamp visible in the screenshot. Save them to a folder labeled with the date.
  3. Save the URLs in a plain text file. Twitter/X and Reddit posts can disappear after reports, and you may need the link later for police, employer, or platform appeals.
  4. Call 911 immediately if the post includes a specific threat of physical harm, a stated intent to "visit" you, or has been picked up by a crowd that's organizing offline. This is what police do. It is not an overreaction.
  5. Tell one trusted person. A friend, partner, sibling. You should not handle the next 24 hours alone, and someone needs to know where you are.

Hour 1–3 — Report to platforms

Every major platform has a doxxing-specific reporting path. According to DeleteMe's doxxing reference and our own walk-through of current 2025 menus, the routes are:

  • Twitter / X: Click the three dots on the post → Report postAbuse and harassmentIncludes private information. Submit each post separately. There is also a dedicated form for private information violations.
  • Reddit: Click Report under the post → It's personal and confidential information. Also message the subreddit moderators directly. For escalation, contact-us.reddithelp.com has a "I want to report a privacy violation" workflow. Reddit Legal can be reached at contact@reddit.com.
  • Facebook: Click the three dots on the post → Report postPrivacy violationSharing personal information. For your own profile being scraped, also visit facebook.com/help/contact/144059062408922.
  • Instagram: Three dots → ReportIt's inappropriateSharing personal information. Use the privacy violation form for severe cases.
  • Discord: Right-click (desktop) or long-press (mobile) the message → Report messageExposing private identifying information. Also submit a Trust & Safety report with screenshots.
  • TikTok: Long-press the video → ReportPrivacy and safety.
  • YouTube: Click three dots under the video → ReportInfringes my rightsInvades my privacy. Personal info removal also has its own dedicated form.
  • GitHub / forums / Substack / personal blogs: Most have a contact email and a DMCA / privacy contact. Use those.

If your home address or phone is up, flag it as urgent. Most platforms have an expedited lane for credible physical-safety risks.

File a police report

Even if you think nothing will happen, file one. Reasons:

  • It creates a timestamped paper trail.
  • It is often required if you later seek a restraining order.
  • Your employer may need it as documentation if work info leaked.
  • Insurance companies sometimes require it for identity-theft claims.

Go in person to your local precinct if possible, or use your city's online reporting portal. Bring printed screenshots. Ask for a copy of the report and the case number. Be matter-of-fact: "I'm here to report online harassment that includes my home address being posted publicly."

The FBI takes online threats through IC3.gov. File there in addition to local police if the threat involves interstate movement or someone you cannot identify.

Tell your employer or HR

If your work email, employer name, or office address was in the dox, your employer needs to know. Brief them in writing — short, factual, the dox is happening, here are the platforms involved, here is what I'm doing about it. Most modern HR teams have a playbook for this. Many will offer to brief building security and front-desk staff so a hostile visitor doesn't get past the lobby.

Hour 3–12 — Lock down your accounts

The dox itself is half the problem. The other half is what the doxxer (or someone watching them) does with the data next: SIM swap attempts, account takeover attempts, social-engineering calls to your bank.

In this order:

  1. Change your email password first. Email is the recovery vector for everything else.
  2. Then change passwords for any account whose credentials might have leaked previously — check at haveibeenpwned.com and rotate every site listed.
  3. Use a password manager (1Password, Bitwarden, Apple Passwords). Every account gets a unique password. Doxxing victims often discover during this exercise that they were reusing one password across dozens of sites.
  4. Move 2FA to an authenticator app or hardware key, not SMS. SMS is vulnerable to SIM swap, and SIM swap is one of the first things a determined doxxer will try once they have your phone number. The pillar piece on SIM-swap prevention covers carrier-side lock setup.
  5. Call your phone carrier and add a SIM-swap PIN / port-out lock. Verizon, AT&T, and T-Mobile all support this; the menus are buried. Insist.
  6. Set your social profiles to private temporarily. You can reopen them later. The goal right now is to deny the doxxer fresh material.
  7. Set up Google Alerts on your name, address, and phone number at google.com/alerts. New mentions will email you within hours.
  8. Audit your phone for stalkerware if the dox came from someone with physical access to your devices. Our stalkerware detection guide is the walkthrough.

Hour 12–24 — Start scrubbing the source

The doxxer didn't invent your address. They pulled it from a people-search site that pulled it from public records. If you do not scrub the source, the next person to dox you will start at the same site.

  1. Set up Google's Results About You at myactivity.google.com/results-about-you. Add your name, addresses, phones, emails. Submit removal requests for every match. This shuts off the Google Search surface fast.
  2. File opt-outs at the top six people-search sites — Spokeo, Whitepages, BeenVerified, Radaris, MyLife, Intelius. Each takes 5–15 minutes and has its own verification step (email link, captcha, sometimes a phone call).
  3. Beyond those six, there are roughly 150 more that all share the same source data. Some require notarized affidavits. This is where a service like Leak Check Me earns its keep — a one-time scrub mission across the major sites is $20.
  4. For severe cases involving physical safety, look into your state's Address Confidentiality Program (ACP). Most US states have one for survivors of domestic violence, stalking, or sexual assault — it gives you a legal substitute address that satisfies DMVs, voter rolls, and process servers without exposing your real one. Eligibility varies; the National Network to End Domestic Violence has a state-by-state directory.
  5. In extreme cases, change physical location. A friend's couch for two weeks is a reasonable response to a credible address-based threat. Doxxing rarely produces violence, but the fear is exhausting and a brief change of scene helps you regroup.

A short word on your mental state

Being doxxed is a specific kind of violation. It mixes public exposure, helplessness, and the sense that the rules of normal life have stopped applying to you. That feeling is real and it is also temporary.

Do not stay alone if you can help it. Eat something. Sleep if you can — fear interferes with sleep, but sleep is what restores judgment, and you'll need judgment over the next week. If the dox is connected to identity-based harassment, the Online SOS Network and PEN America's Online Harassment Field Manual both have free resources and human help. RAINN's 24/7 hotline (1-800-656-4673) is available for anyone whose dox involves sexual content posted without consent.

What you can do today

  1. Screenshot first, then report. Every platform, every post, every URL. Save the screenshots.
  2. File the police report and get the case number, even if you doubt it'll go anywhere.
  3. Rotate passwords starting with email, move 2FA to an authenticator app, add a carrier port-out lock.
  4. Set up Google's Results About You and file opt-outs at the top six people-search sites.
  5. Tell one trusted person where you are and what's happening. Don't go to sleep alone tonight if you can avoid it.

If you want help with the broker side of this — the part that takes hours and feels endless — that is what Leak Check Me does. Run a scrub mission at leakcheckme.com and we'll help prepare eligible opt-out actions, verify progress, and patrol for relistings. It does not undo the dox, but it cuts the next one off at the supply.

Sources

Keep going

Related privacy guides

data leak protection

Leaks Happen. The Real Risk Is the Link Between Them. (Our Manifesto)

Leaked passwords are recoverable. Joined profiles are not. Why data leak protection has to break the link, not just chase the breach.

Read guide
how to detect stalkerware

Stalkerware on Your Phone: How to Detect and Remove It

Stalkerware is consumer spyware sold openly and installed by people you know. Here's how to detect it on iPhone and Android, and what to do safely.

Read guide
google results about you

How to Use Google's 'Results About You' — And Why It's Not Enough

Google's Results About You tool removes your name and address from Google search results — but the source pages and data brokers behind them stay live.

Read guide
Leak Link Check

See what is exposed before it gets joined.

Run a verified check for known breach exposure and public identity links, then authorize eligible scrub actions from the dashboard.

Run Leak Check