As online social networks get more popular, it becomes increasingly critical to preserve user privacy in such networks. In this paper, we propose our preliminary results on defining and tackling information aggregation attacks over online social networks. We first introduce three major threats towards private information in online social networks. We conceptually model private information into multilevel and discretionary models. Then, we articulate information aggregation attacks under discretionary model. Finally, we present our preliminary design of "privacy monitor," a framework that allows users to define their own privacy scheme, and track their actual privacy disclosure to check for any unwanted leakage.