Nowadays, Online Social Networks (OSNs) become more and more concerned about users’ privacy issues, and put more e orts to protect users from being violated by privacy breaches (e.g., spamming, deceptive advertising). Although OSNs encourage users to hide their private information, the users may not be really protected as the hidden information could still be predicted from other public information. This paper, taking a particular privacy-sensitive attribute ‘current city’ in Facebook as a representative, aims to notify individual users of the quantified exposure risk that their hidden attributes can be correctly predicted, and also provide them with countermeasures. Specifically, we first design a current city prediction approach that infers users’ hidden current city from their self-exposed information. Based on 371;913 Facebook users’ data, we verify that our proposed prediction approach can outperform state-of-the-art approaches. Furthermore, we inspect the prediction results and model the current city exposure probability via some measurable features of the self-exposed information. Finally, we construct an exposure estimator to assess the current city exposure probability/risk for individual users, given their self-exposed information. Several case studies are presented to illustrate how to use our proposed estimator for privacy protection; while the extension to a general attribute exposure estimator is also discussed to facilitate OSNs to maintain a healthy social and business environment.