The advent of social networking websites presents further opportunities for criminals to obtain information for use in identity theft, cyber-stalking, and worse activities. This paper presents exploratory research investigating why users of social networking websites willingly disclose personal information and what sorts of information they provide (or not). The study employed an ethnographic approach of participation in the online community and interviews of community members, combined with a quantitative survey. The findings show that users are often simply not aware of the issues or feel that the risk to them personally is very low. The paper recommends that government agencies or social networking websites themselves conduct campaigns to inform the public of these issues and that social networking websites consider removing some facilities. The study was conducted in an Australian context and focussed on the popular Facebook website.