You might not be shocked that this week began with big news about a coordinated misinformation campaign on Facebook. But in a twist on the usual narrative, Facebook welcomed the media reports, calling a press conference to reveal that it had removed 35 fake accounts. The rare proactive step was a clear attempt to show the media and Congress that Facebook is tackling misinformation head in the runup to the midterm elections.

Fake Facebook accounts weren’t the only thing taken down from the internet this week. After a federal judge granted an injunction against Defense Distributed’s DIY 3-D printed gun blueprints on Tuesday, founder Cody Wilson complied with the court order and removed them several hours later. The removal was the culmination of weeks of outcry against the blueprints after Wilson had initially reached a settlement in a five-year legal battle to put them online.

Elsewhere, Reddit got hacked thanks to an insecure two-factor-authentication setup. (Reminder: SMS two-factor is a bad idea!. We learned about the inner working of the hacking group Fin7, who may have stolen a whopping billion dollars from companies all over the world. The Democratic National Committee is holding a hacking contest for kids aged 8-12 at DefCon, because reports indicate that US voting infrastructure is so easy to hack, even a kid could do it. Speaking of infrastructure, the Department of Homeland Security announced it’s creating a task force to defend against critical infrastructure hacks.

There’s more! As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.

Federal Air Marshals Have Been Spying On Us As We Fly

Have you ever changed your clothes in an airport, or shaved in an airplane bathroom, or boarded your plane last? Well, turns out that those are behaviors US air marshals are trained to consider suspicious. According to The Boston Globe, since 2010 the TSA has operated a secret program called “Quiet Skies,” in which air marshals track regular people who haven’t been accused of any crime, looking for potential terrorists. As part of the program, marshals reportedly watch passengers on planes and in airports for signs of things like, “excessive fidgeting,” “facial flushing,” “or wringing of hands”—all symptoms that might sound familiar to nervous fliers. Speaking anonymously to the Globe, some air marshals called the program a waste of taxpayer money. Thousands of US citizens have apparently been monitored as part of Quiet Skies, and once marked for observation, people remain on the watchlist for 90 days.

But TSA May Do Away with Passenger Screening at Small Airports

According to a report from CNN, the TSA is considering closing screening operations at 150 of the nation’s smaller airports, which seems….like maybe a bad idea? Or as one counterterrorism expert put it, “stunning that this is even seriously being considered.” According to anonymous senior TSA officials and documents obtained by CNN, the proposal suggests dropping screening at airports serving aircrafts with less than 60 seats could save the agency $115 million annually. The proposal suggests that money could instead be used to bolster security at larger airports.

Cyber Folks Still Don’t Want to Work for the FBI

The FBI has been losing top cybertalent for a while, but with the recent exodus of four top cyberofficials–including the person overseeing the election-meddling task force, who left this month–it’s clear the trend is gaining speed. In the past five years, the department has lost 20 of its cybersecurity leaders, maybe of whom departed for lucrative jobs in the private sector. Politico reports that this troubles people within the bureau, coming as it does at a time when our nation is under cyberattack from foreign adversaries, and awash in coordinated cybercampaigns to disrupt the coming midterm elections. As the FBI fills these roles, former FBI officials say top brass need to focus on finding people who will stay in their roles longterm.

No Free Chipotle For You

Did you friend send you a $100 Chipotle gift card this week? Aw, that was so sweet of them, right? Actually, no. Your friend got scammed, and scammed you. Sorry. A URL to a fake gift card spread on social media this week, promising $100 at Chipotle to anyone who could get four friends to click on it. Rather than give them the money though, all the “gift card” did was gain access to their address book. DO NOT CLICK.

Credit Card Company Leaks Thousands of Applicants’ Private Data

TCM Bank is a credit card issuer that helps small community banks get credits to their members. Unfortunately, owing to a snafu on TCM’s website, thousands of folks who applied for credit cards between March 2017 and last month had their private information exposed. That includes Social Security numbers, names, addresses and dates of birth–your regular identity-theft nightmare. The good news is that only 25 percent of the people who applied for credit cards during those months were affected. The bad news is that’s still 10,000 people, according to an attorney for TCM Bank’s parent company.

More Great WIRED Stories