Each time the latest data breach news is made public, there’s generally widespread disdain toward the company responsible for not doing more to protect affected data. What people often overlook is they shouldn’t have trusted that company with their information in the first place.

You know, details on social media like where you work, what your entire family looks like, your phone number (which is tied to your Social Security number and home address through your carrier), and tons of other personal details that in some cases can be found without even needing to follow or friend you (gasp).

Many people blindly hand their information over without having even a basic understanding of the risks involved. Recently, Facebook subtly updated a recent announcement that indicated the passwords of “tens of thousands” Instagram users were stored in a readable—meaning non-encrypted—format. In truth, the number was in the millions.

As if that security risk wasn’t enough, Facebook also revealed that it “mistakenly” uploaded the personal contacts of 1.5 million users without their consent. According to Business Insider, “A Facebook spokesperson said before May 2016, it offered an option to verify a user’s account using their email password and voluntarily upload their contacts at the same time. However, they said, the company changed the feature, and the text informing users that their contacts would be uploaded was deleted — but the underlying functionality was not.”