While extant literature on privacy in social networks is plentiful, issues pertaining to information security remain largely unexplored. This paper empirically examines the relationship between online victimisation and users' activity and perceptions of personal information security on social networking services (SNS). Based on a survey of active users, we explore how behavioural patterns on social networks, personal characteristics and technical efficacy of users impact the risk of facing online victimisation. Our results suggest that users with high-risk propensity are more likely to become victims of cybercrime, whereas those with high perceptions of their ability to control information shared on SNS are less likely to become victims. The study shows that there is a negative and statistically significant association between multipurpose dominant SNS (e.g. Facebook, Google +) usage and victimisation. However, activity on the SNS for knowledge exchange (e.g. LinkedIn, Blogger) has a positive and statistically significant association with online victimisation. Our results have implications for practice as they inform the social media industry that protection of individual information security on SNS cannot be left entirely to the user. The importance of user awareness in the context of social technologies plays an important role in preventing victimisation, and social networking services should provide adequate controls to protect personal information.