If you thought you were going to make it out of 2018 without a couple more data slip-ups, think again! Two incidents bookended the week. Monday, Google revealed that a bug in its somehow still alive Google+ social network exposed the data of 52.5 million users. That's orders of magnitude bigger than the 500,000 users that were impacted by a previous Google+ exposure. And on Friday, Facebook announced that it had exposed photos of up to 6.8 million users for nearly two weeks in September. It's still working on cleaning up the mess.

The timing on Facebook's disclosure was auspicious! Not only had it just opened a one-day "pop-up" in New York City to tout its focus on user privacy, it had also announced its biggest yet bug bounty payout. Not so fast, horn-tooters!

It was a semi-eventful week for President Donald Trump and associates, as former Trump fixer Michael Cohen was sentenced to 36 months in prison for financial crimes he had pleaded guilty to. But lots of people in Trump's orbit—and the president himself—have plenty of cause for alarm.

It also looks increasingly like China was behind the years-long Marriott hack that impacted 500 million people, which in turn means that 2014 was a full-on assault on the US by state-sponsored Chinese hackers. And a spate of bogus bomb threats Thursday sent schools and offices scrambling, a dangerous escalation of a known bitcoin sextortion scam. Which is about as 2018 as it gets.

And there's more! As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.

Rolling Stone reported in a brief item this week that megastar Taylor Swift deployed a sneaky facial recognition camera at her May 18 Rose Bowl show. Hidden behind a display that showed short videos of rehearsals, the camera fed footage back to Nashville, where a team ran them against a database of known stalkers. If that sounds crazy invasive, guess what! It happens more than you think, and will increasingly become the norm unless Congress regulates it. Which, honestly, Microsoft's been literally begging for oversight since July to no avail, so don't hold your breath.

Just under a month ago, hackers hit the Make-A-Wish website with cryptojacking software. Now, Save the Children Federation has fallen victim to an even more aggressive scheme. Hackers reportedly compromised an employee's email, using that access to trick others into sending a million dollars to con artists in Japan. While the heist was just reported this week, it took place in May 2017. The Boston Globe also reports that Safe the Children Federation managed to get most—but not all—of its money back from insurance. Still, bad form, hackers!

Speaking of hackers, China continues to go after US Navy contractors. While the Washington Post first reported the intrusions over the summer, the Wall Street Journal detailed an 18-month campaign focused on stealing missile plans and more. It appears to be part of a broader increased effort on China's part to hack United States interests, as trade tensions escalate and an Obama-era truce erodes.

Another year, another list of the most frequently used (and therefore worst) passwords on the internet. For the fifth year in a row, "123456" retained the top slot. The word "password" came in second. We're sorry to report that "dragon" has fallen out of the top 25, and that "donald" has made it in for the first time, at 23. Please don't use any of those. Do this instead.

More Great WIRED Stories