The toy itself has been hacked by security researchers, who showed that the communications between the Cayla doll and the parent’s app were not sufficiently protected, allowing an attacker to intercept audio recordings, or relay custom audio to the toy, possibly scaring the child.

Last year, security researchers from Pen Test Partners found several flaws in the firmware of BB-8 Star Wars smart toys.

Similarly, security experts from Rapid7 found that they could harvest personal data about children and their parents from Fisher-Price smart toys and hereO GPS kids’ watches.

In 2015, a security researcher named Matt Jakubowski said the hacked the Hello Barbie smart toy to extract enough personal information to track down someone’s home location.