In 2016, the news was awash with stories of major data breaches and hacks, many of which could have been avoided with simple security measures. From Clinton controversies to the Panama Papers to the largest data breach in internet history, here’s a roundup of the most significant hacks and leaks of 2016.

Hillary Clinton

E-mail leaks from the Democratic National Committee and the Clinton campaign dominated headlines in the run-up to the 2016 U.S. election, with thousands of messages being dumped on WikiLeaks.The most damning e-mails were those sent and received by Hillary Clinton campaign manager John Podesta and former Democratic National Committee chair Debbie Wasserman Schultz.

While books could be written about the contents of the hacked e-mails, highlights include the transcript of a speech where Clinton said that politicians must have “both a public and a private position," a senior Clinton insider referring to Chelsea Clinton as a “spoiled brat kid.” and scores of notes outlining key Democratic party members’ deep hostility towards Clinton’s primary rival, Senator Bernie Sanders.

Although the U.S. government blamed state-sponsored Russian hackers for the leaks, in the run-up to the U.S. election, Donald Trump claimed there was no proof. At a July rally, however, Trump actually encouraged Russia to find deleted e-mails from Clinton’s controversial private server, essentially encouraging foreign espionage. When the CIA announced in December that it believed that Russia meddled in the election to secure Trump’s win, the President-elect dismissed the allegations as "ridiculous.”

Panama Papers

Ah, Panama: idyllic beaches, lush jungles and a great place to go if you’re looking to hide money. A trove of 11.5 million leaked documents dubbed the “Panama Papers” was revealed in April which detailed the offshore financial dealings of the world’s rich, powerful and famous.

Published by a coalition of media outlets and the International Consortium of Investigative Journalism non-profit, the data mostly detailed how Panama-based law firm Mossack Fonseca helped its clients quietly – and legally – squirrel away billions of dollars into more than 200,000 offshore entities to hide income and avoid taxes.

World leaders like the former Prime Minister of Iceland (he resigned over the scandal) and the President of Ukraine were implicated, and so were celebrities like martial arts master Jackie Chan and Bollywood star Amitabh Bachchan. In total, people in more than 200 countries were connected to the damning documents, including some Canadians.

Mark Zuckerberg

We all know that “password” and “12345” are terrible ways to protect your online accounts. Turns out “dadada” is a pretty bad password too. In 2016, Facebook CEO and co-founder Mark Zuckerberg found that out the hard way after three of his social media accounts – LinkedIn, Twitter and photo-sharing Pinterest – were hacked.

Turns out he was using the same password for all three sites, a giant Internet security faux pas! Hackers were able to get into the tech guru’s accounts with the “dadada” password having been revealed in a 2012 LinkedIn hack of 117 million users. Moral of the story? Don’t recycle your passwords and definitely try to come up with something unique for each account.

Verizon Yahoo

In 2016, it was revealed that multinational technology company Yahoo was subject to the two largest data breaches in the history of the Internet. The first revelation came in September, when the company announced that at least 500 million Yahoo accounts had been compromised.

Although the breach was revealed this year, it actually occurred in 2014. Account usernames, email addresses, telephone numbers, birth dates, passwords as well as security questions and answers were all stolen in the massive attack. Yahoo blamed “state-sponsored” hackers without naming a country. It is not known how long Yahoo knew about the breach. If that wasn’t enough, in December, Yahoo announced that similar data from more than one billion user accounts was stolen in an August 2013 hack.

In short, if you own or once used a Yahoo email account, and you haven’t already, you should definitely change your password now!

Baby monintor hacking scare

In late October, Internet users across North America and Europe saw major websites like Twitter, Netflix and PayPal go dark after New Hampshire-based domain provider Dyn Inc. was hit by a series of distributed denial-of-service (DDoS) attacks. In other words, hackers flooded Dyn’s computers with junk traffic, overwhelming servers that hosted such websites.

Other sites like Amazon, Airbnb, CNN and Etsy were also affected. The bizarre thing about this online blackout is that it was believed to be carried out by malware-infected Internet-enabled devices, not infected home computers. Known as “the Internet of things,” such devices can include everything from cameras to thermostats to kids’ toys.

According to one study, the average North American home contains 13 Internet-connected devices, which means you probably have one at home too! Many of these kinds of devices have little in terms of built-in security, and with millions of them scattered around the globe, analysts fear that an even larger attack could bring much of the Internet to a grinding halt.