A quantitative behavioural online study examined a set of hazards that correspond with security- and privacy settings of the major global online social network (Facebook). These settings concern access to a user's account and access to the user's shared information (both security) as well as regulation of the user's information-sharing and user's regulation of others' information-sharing in relation to the user (both privacy). We measured 201 non-student UK users' perceptions of risk and other risk dimensions, and precautionary behaviour. First, perceptions of risk and dread were highest and precautionary behaviour was most common for hazards related to users' regulation of information-sharing. Other hazards were perceived as less risky and less precaution was taken against these, even though they can lead to breaches of users' security or privacy. Second, consistent with existing theory, significant predictors of perceived risk were attitude towards sharing information on Facebook, dread, voluntariness, catastrophic potential and Internet experience; and significant predictors of precautionary behaviour were perceived risk, control, voluntariness and Internet experience. Methodological implications emphasise the need for non-aggregated analysis and practical implications emphasise interventions to promote safe online social-network use.