A user's online social network (OSN) friends commonly share information on their OSN profiles that might also characterize the user him-/herself. Therefore, OSN friends are potentially jeopardizing users' privacy. Previous studies demonstrated that third parties can potentially infer personally identifiable information (PII) based on information shared by users' OSN friends if sufficient information is accessible. However, when considering how privacy settings have been adjusted since then, it is unclear which attributes can still be predicted this way. In this paper, we present an empirical study on PII of Facebook users and their friends. We show that certain pieces of PII can easily be inferred. In contrast, other attributes are rarely made publicly available and/or correlate too little so that not enough information is revealed for intruding user privacy. For this study, we analyzed more than 1.2 million OSN profiles in a compliant manner to investigate the privacy risk due to attribute prediction by third parties. The data shown in this paper provides the basis for acting in a risk aware fashion in OSNs.