How data brokers collect your information
Data brokers rarely get information from you directly. Instead they harvest and combine it from many sources:
- Public records. Voter rolls, property and deed records, court filings, marriage and business registrations.
- Commercial data. Loyalty programs, warranty cards, magazine subscriptions, and purchase histories sold or shared by retailers.
- Online activity. Cookies, ad-tracking, app permissions, and self-reported profile fields from websites and apps.
- Other brokers. Brokers buy and resell each other’s data, which is why the same wrong middle initial or old address can appear on dozens of sites.
They then use matching algorithms to link these fragments into a profile keyed to your name and address — complete with relatives, past addresses, and estimated income.
The two kinds of brokers
Broadly, there are two categories. Marketing and risk brokers sell data to businesses for advertising, identity verification, and background screening — you rarely see them. People-search sites are the consumer-facing kind: type in a name and they display a home address, phone number, age, and relatives, often behind a small paywall. People-search sites are the ones that most directly enable doxxing and stalking, because they expose your location to anyone for a few dollars.
Why data brokers are a security risk
A broker profile is a ready-made attack kit. It gives a harasser your home address, gives a SIM-swapper the personal details to impersonate you to your carrier, gives a scammer the context to craft a convincing phishing message, and gives a fraudster the answers to your “security questions.” None of it requires a hack — it is simply for sale. That is why removing yourself from data brokers is one of the highest-leverage privacy steps you can take.