Right before you Thanksgiving and some of the biggest shopping days of the year, Amazon sent\u00a0emails to affected customers, revealing that it had \u201cinadvertently disclosed your name and email address due to a technical error.\u201d The lackluster email caused some people to worry it might be a phishing attack.Amazon failed to say how many people were affected by the data exposure or what the technical error actually was; instead, Amazon claimed the issue was fixed and impacted customers were notified.More cybersecurity newsSecurity hole leads to data exposure of 60 million USPS customersFirst we had a U.S. Secret Service warning\u00a0saying the U.S. Postal Service's Informed Delivery service was being abused by identity thieves. Now Brian Krebs says\u00a0the USPS closed a security hole in the API for \u201cInformed Visibility\u201d that exposed data on 60 million users.Multiple flaws in TP-Link routersSpeaking of security holes, Cisco Talos Intelligence disclosed four vulnerabilities in TP-Link\u2019s TL-R600VPN routers, including a remote code execution hole.Linux servers targeted with non-IoT Mirai variants Botmasters are branching out from routers, security cameras, and other Internet of Things (IoT) devices and are now trying to use a Hadoop vulnerability to target Linux servers with Mirai variants. Netscout said, \u201cThis is the first time we\u2019ve seen non-IoT Mirai in the wild.\u201dGhostscript flawThe Ghostscript interpreter used to process PDF files and postscripts, which is shipped with most flavors of Linux distribution and is commonly used by sites, services, apps, and cloud platforms, has a remote code execution flaw (pdf). The vulnerability discovered by Semmle is a variant of the critical vulnerability discovered by Google Project Zero\u2019s Tavis Ormandy in August.DirtyCOW and backdoor into Drupal serversDo you use Drupal? Imperva researchers spotted a campaign using DirtyCOW, Drupalgeddon2 and system misconfigurations to \u201cpersistently infect vulnerable Drupal web servers and take over user machines.\u201dFacebook and LinkedIn privacy failsFacebook may be facing more woes as the British Parliament seized a cache of internal Facebook documents to determine the truth of Facebook\u2019s data and privacy control decisions.LinkedIn is also in hot water, as Ireland\u2019s Data Protection Commissioner found (pdf) that \u201cLinkedIn\u2019s practices leading up to GDPR implementation in Europe were not only uncanny, but actually violated data protection rules, in LinkedIn\u2019s case concerning some 18 million email addresses.\u201dU.S. government security and privacy failsA recent audit found that the IRS failed to apply consumer protections for victims of at least 89 data breaches, leaving at least 11,406 U.S. taxpayers unprotected.In addition, Sen. Ron Wyden (D-Ore.)\u00a0pointed out that the public has waited decades for the Department of Defense (DoD) to be audited as is required by law. Now it has been revealed that the DoD failed its first-ever full-scale audit.IronyJapan\u2019s cybersecurity minister, who admitted to not using computers, has now admitted that he\u2019s \u201cnot that familiar\u201d with cybersecurity matters. Japan\u2019s head honcho for cybersecurity said his main job \u201cis to read out written replies (prepared by bureaucrats) without making any mistakes.\u201dMeanwhile in North Korea, with the government-sponsored hacking group Lazarus, which allegedly has stolen $571 million of the $882 million total in heisted crypto from online exchanges:North Korea is hosting a conference on blockchain and cryptocurrency next year. Organizers say U.S. citizens are welcome to attend the despite travel ban. @nknewsorg @ColinZwirko @OliverHotham https:\/\/t.co\/4ORhrbhQWH\u2014 CSIS Korea Chair (@CSISKoreaChair) November 21, 2018SurveillanceThe social credit system Citizen Score is part of China\u2019s over-the-top surveillance. Now, apparently, the U.S. Department of Homeland Security (DHS) is taking a page from China with its new credit score-checking proposal. Slate revealed, \u201cThe agency charged with safeguarding the nation would like to make immigrants submit their credit scores when applying for legal resident status.\u201dSpeaking of surveillance, Google\u2019s new patents reveal that the search giant wants to data mine your bedroom:\u00a0\u201cGoogle wants to scan your clothing and listen to your brush your teeth.\u201dWhile letting Google into your bedroom is optional, some people with health disorders are already under \u201csecret\u201d surveillance in their bedrooms. Millions of people with sleep apnea use CPAP breathing machines, and ProPublica explained that health insurance companies, starting with Medicare, use surveillance \u2013 without users\u2019 knowledge \u2013 to keep track of how long the machines are used each night. If a user fails to comply by using the device for the required time period, insurers can deny payment.Others argue we will invite surveillance by agreeing to be microchipped.Shop smartWhen shopping, be sure to shop smart. Be aware of internet-connected devices that could allow hackers to watch you.