ECOVACS Listed by spacebears Ransomware Group
ECOVACS is a highly successful Chinese robotics company founded in 1998 in Suzhou. It has grown into a global leader in smart home cleaning solutions, with its products sold in over 145 countries and trusted by tens of millions of users worldwide.The company is best known for its award-winning DEEBOT robot vacuums, WINBOT window cleaners, GOAT robotic lawn mowers, and other intelligent cleaning devices powered by advanced AI and navigation technologies.Driven by the vision “Robotics for All”, ECOVACS continues to innovate and expand rapidly, making premium home robotics accessible and effectiv
On June 1, 2026, Chinese robotics manufacturer ECOVACS appeared on the leak site of the spacebears ransomware group, with the attackers claiming to have exfiltrated internal company files following a ransomware incident.
Confirmed Details of the Breach
Public reporting indicates that ECOVACS, the company behind popular DEEBOT robot vacuums and other smart home cleaning devices, was listed by the spacebears group on their dark web leak portal. The primary source is the group’s own leak site, accessible via the .onion link hosted on ransomware.live. No exact number of affected customer records has been disclosed, and the precise volume or sensitivity of the stolen internal files remains unconfirmed in available reporting. The company, founded in 1998 in Suzhou, sells its AI-powered cleaning robots in more than 145 countries and serves tens of millions of households worldwide.
Internal files were exfiltrated during the ransomware attack. At the time of listing, the group had not publicly released samples of the data, though such postings typically precede demands for payment to prevent broader publication.
Why This Matters for You and Your Family
When a company that makes devices used inside millions of homes suffers a breach, the risks extend beyond corporate networks. Robot vacuums, window cleaners, and lawn mowers often connect to home Wi-Fi, mobile apps, and cloud accounts that store maps of your house, usage patterns, and sometimes linked email or payment details. If those credentials or related internal documents surface, attackers can chain them with other leaks to target you personally. Your family’s daily routines, home layout, and linked accounts become easier to exploit for identity theft, phishing, or physical access schemes.
Tens of millions of users worldwide rely on ECOVACS products. Even without direct confirmation that customer databases were taken, the exposure of internal files increases the chance that employee credentials, partner contracts, or support-ticket details containing personal information could be repurposed against ordinary families like yours.
The Doxxing and Identity-Chain Risks
Ransomware groups rarely stop at one dataset. A single leaked email or reused password from an ECOVACS-related system can serve as the starting point for an identity chain that links your gaming handles, social media, phone numbers, and home address. Once attackers map these connections, they can move from digital harassment to doxxing, account takeovers, or extortion. Credential leaks like this one frequently cascade into gaming account compromises, especially for children whose usernames and passwords are sometimes stored in family-linked support records or shared devices.
Available reporting describes how initial access gained through ransomware often leads to broad exfiltration that fuels weeks or months of follow-on attacks. Families who own smart home robots may not realize their cleaning device app shares authentication pathways with other services, creating hidden links that professional doxxers actively hunt.
Spacebears Ransomware Group Track Record
Public reporting attributes the spacebears group with a growing list of attacks since it first gained attention in late 2024. The group has targeted mid-sized manufacturers, technology firms, and consumer-product companies, often listing victims on dedicated leak sites after deploying ransomware. Their typical playbook involves initial access through phishing or exploited remote desktop services, followed by data exfiltration before encryption. They then demand payment to prevent publication, using countdown timers and sample file releases to pressure targets. Notable prior victims have included logistics providers and industrial suppliers, though full details of every incident remain limited in open sources.
What to do
- Run a DoxxScan to map every link between your email addresses, phone numbers, gaming handles, and real-world identity so hidden connections from breaches like ECOVACS become visible.
- Rotate any password you have ever used with an ECOVACS app or account and enable 2FA through an authenticator app rather than SMS.
- Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next leak exposing you or your family is caught and addressed in hours, not months.
- Cover the entire household with DoxxScan family protection, which includes children’s gaming accounts that often chain back to the same credentials or home address used for smart home devices.
- Let remediation specialists handle takedown requests for any exposed personal information across data brokers and leak sites.
The incident underscores that even trusted names in consumer robotics can become gateways to personal data exposure. Taking deliberate steps now limits how far attackers can travel down the identity chain created by this and future breaches. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4B+ breach records and 100+ platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that explicitly protects gaming accounts belonging to you or your children.
Related breaches
Studio Sardano Listed by AiLock Ransomware Group
Studio Sardano is a company that operates in the Repair Services industry. It employs 10to19 people …
Preneed Funeral Programs Listed by play Ransomware Group
United States…
Excalibur Rentals Listed by akira Ransomware Group
Excalibur Rentals is dedicated to providing reliable rental equipment services, ensuring that c lien…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →