The NYT crossword clue reads “maliciously revealed one’s private identity, informally” — and the answer is DOXED. Five letters. But here is the detail worth a second look: the same publication running that clue was accused of doing exactly that to an anonymous blogger back in 2020.
Table of Contents
The Crossword Clue, Confirmed
The clue “maliciously revealed one’s private identity, informally” appeared in the NYT Mini Crossword on August 12, 2025. A close variant, “maliciously publishes the private info of online,” ran in the full NYT Crossword on January 2, 2026, with the present-tense answer DOXES.
Both clues point to the same word: DOXED (or DOXES), a term the internet has been grappling with for decades.
What “Doxed” Means
Merriam-Webster defines it plainly: to dox someone is to publicly identify or publish private information about that person, typically as a form of punishment or revenge.
Collins English Dictionary classifies it as a 21st-century transitive verb meaning “to publish personal information about a person on the internet.”
The origin goes back further. In the hacker culture of the early 1990s, warring online factions would expose a rival by “dropping docs” — short for documents — posting their real identity in a publicly accessible file. “Docs” shortened to “dox,” and over time became a verb. By the mid-2010s, events like the Gamergate harassment campaign pushed the term into mainstream awareness, according to Wikipedia.
Both spellings, doxed and doxxed, are accepted. The NYT crossword uses the single-X version.
What Actually Gets Exposed
Doxxing is not limited to home addresses. According to Britannica, a doxxing attack can include:
- Full legal name — particularly damaging for anonymous or pseudonymous accounts
- Home address and phone number
- Workplace and employer details
- Email addresses
- Photos and family members’ identities
- Social security numbers in more targeted attacks
The consequences range from harassment and spam to death threats and swatting — the act of making a false emergency report to send armed police to someone’s address.
The Cases That Defined It
Doxxing has been at the center of some significant public controversies over the years.
2015 — The hacker group Anonymous publicly released the alleged identities of KKK members. The same year, a breach at the dating site Ashley Madison exposed the personal data of millions of users.
2020 — The New York Times itself became the center of a doxxing accusation when it indicated it planned to publish the real name of the anonymous California psychiatrist behind the popular Slate Star Codex blog. The psychiatrist shut the blog down before the article ran and publicly accused the Times of threatening his safety. The backlash cost the Times hundreds to thousands of subscribers, according to Wikipedia.
2022 — BuzzFeed News used public business records to identify the previously anonymous founders of the Bored Ape Yacht Club. One founder stated he was “doxxed against his will.”
March 2025 — A site called DOGEQuest published the names and home addresses of Tesla owners, encouraging vandalism. A Las Vegas Tesla service center was subsequently attacked with a gun and a Molotov cocktail, as reported by Kaspersky’s cybersecurity research.
Is Doxxing a Crime?
The legal answer varies by country and by method.
In the United States, there is no single federal anti-doxxing law. However, existing statutes covering stalking, harassment, and threats apply in many cases. Doxxing a government employee specifically falls under federal conspiracy law, according to Kaspersky. The Foundation for Individual Rights and Expression (FIRE) has also warned that broad anti-doxxing legislation risks conflict with First Amendment protections.
Australia took direct action in December 2024. After the personal details of over 600 Jewish Australians were leaked from a private WhatsApp group — leading to death threats — the government passed the Privacy and Other Legislation Amendment Act 2024, making doxxing a criminal offense punishable by jail time.
How to Reduce Your Exposure
Security researchers at Kaspersky consistently recommend:
- Audit your social media privacy settings regularly
- Use different usernames across platforms to limit aggregation
- Opt out of data broker listings that publish your address and phone number
- Register any domain names through a privacy proxy service
- Search your own name periodically to see what is already publicly visible
If you are doxxed, document everything before reporting it to the platform involved, as records are often removed quickly.
For most solvers, DOXED is a five-letter answer and nothing more. But the word has spent three decades moving from underground hacker slang to courtroom legislation — and the NYT crossword catching up to it in 2025 and 2026 says something about just how embedded it has become in everyday language.
Sources: Merriam-Webster, Britannica, Wikipedia, Collins English Dictionary, Foundation for Individual Rights and Expression (FIRE), Kaspersky, Bloomberg
