Over four billion data records were stolen in 2016

"No industry, organization size or geographic location, is immune to a data breach."

That's the bottom line to Risk Based Security's recently published end-of-year data breach report, which concluded that over four billion records had been stolen during 2016.

The report confirmed that three companies accounted for half of the records stolen in breaches reported last year.

Yahoo saw over 1.5 billion records stolen in two separate reported attacks -- the largest breach of records in history, eclipsing AdultFriendFinder's 412 million accounts and Myspace's 427 million passwords.

That accounts for 2.3 billion records out of 4.2 billion records stolen during the year.

The remaining two billion accounts came from over 4,100 separate breaches targeting government agencies, medical institutions, and other businesses.

More than half -- around 53 percent -- of all 2016's reported breaches were as a result of hacking, according to the report. Many of the larger services were attacked a few years prior, during a period in which security wasn't taken as seriously or wasn't implemented properly. Many of the records from the Myspace and AdultFriendFinder breaches were stored using weak hashing algorithms or in plaintext, suggesting a lack of encryption employed at the time.

But, not to be overshadowed, the smaller breaches still add up. According to the research, half of the reported breaches exposed between one and 10,000 records.

Most of the hacks involved a remote SQL injection attack from faulty or badly configured websites, the report said.

The report said that a little under five percent of breaches were as a result of malware, representing less than one percent of exposed records

"Another ongoing issue continues to be misconfigured databases and other inadvertent web based disclosures as they exposed over 253 million records in 2016," said Inga Goddijn, executive vice president of Risk Based Security.

Many of those exposed databases, including a leak of confidential military personnel data, a financial crime and terrorism database, and a leak exposing faults in the official account of an inmate's death, were reported on ZDNet.

Risk Based Security said the number of reported breaches has exceeded 23,700, accounting for more than 9.2 billion records.

These were the biggest hacks, leaks and data breaches of 2016

ZDNET INVESTIGATIONS

Researchers say a breathalyzer has flaws, casting doubt on countless convictions

Lawsuits threaten infosec research — just when we need it most

NSA's Ragtime program targets Americans, leaked files show

Leaked TSA documents reveal New York airport's wave of security lapses

US government pushed tech firms to hand over source code

Millions of Verizon customer records exposed in security lapse

Meet the shadowy tech brokers that deliver your data to the NSA

Inside the global terror watchlist that secretly shadows millions

198 million Americans hit by 'largest ever' voter records leak

Britain has passed the 'most extreme surveillance law ever passed in a democracy'

Microsoft says 'no known ransomware' runs on Windows 10 S — so we tried to hack it

Leaked document reveals UK plans for wider internet surveillance

• Researchers say a breathalyzer has flaws, casting doubt on countless convictions
• Lawsuits threaten infosec research — just when we need it most
• NSA's Ragtime program targets Americans, leaked files show
• Leaked TSA documents reveal New York airport's wave of security lapses
• US government pushed tech firms to hand over source code
• Millions of Verizon customer records exposed in security lapse
• Meet the shadowy tech brokers that deliver your data to the NSA
• Inside the global terror watchlist that secretly shadows millions
• 198 million Americans hit by 'largest ever' voter records leak
• Britain has passed the 'most extreme surveillance law ever passed in a democracy'
• Microsoft says 'no known ransomware' runs on Windows 10 S — so we tried to hack it
• Leaked document reveals UK plans for wider internet surveillance

What you need to know about the Yahoo breach: