It’s no secret that sharing personal information online comes with risk. But what if toys were also making it possible for hackers to access both your and your children’s information?

A new generation of toys that connect to the internet is doing just that, making it even more difficult to safeguard your child’s privacy.

Earlier this year, a security researcher warned toymaker Spiral Toys that its internet-connected teddy bear could be vulnerable to hackers.

The bear comes with a Bluetooth connection and parents and children can record and send messages to each other through the internet with an app. But the researcher warned the company’s servers weren’t adequately protected, putting user emails and passwords at risk.

Spiral Toys says it saw no evidence its data was breached, but took immediate action to protect the privacy of its customers.

“Exposing personal data could put you at risk for identity theft or even credit card fraud down the road - and the worst case scenario though very remote is that that information could be used in a child abduction,” said Bree Fowler, Consumer Reports cyber security editor.

And there are some very real instances of children’s privacy being compromised by internet-connected toys.

Two years ago a hacker attacked toy maker VTech, exposing profiles of more than six million children, including names, genders and birth dates and even more detailed profiles of about five million adults.

VTech says they took swift action after its data was compromised. The company assures consumers they can now manage their accounts securely and also advised customers to change their passwords as soon as possible.

The U.S. Federal Trade Commission recently announced it’s reviewing privacy and security complaints of two internet connected toys, I-Que Robot and My Friend Cayla. The doll has been banned in Germany.

They’re examples that should serve as a wake-up call to families: either play it safe and enter fake names and birthdays, or skip buying these toys altogether.