Alaistair MacGibbon, who was recently appointed as Australia's first child e-safety commissioner, says the hacking of digital toymaker VTech highlights what can go wrong when parents put their trust in technology.
"We're in an era now where increasingly toys as are going to be connected to the internet," he said.
"This is called ‘the internet of things’. If we have trouble [security] patching our phones and our laptops and keeping them safe, are we going to start patching our dolls and our children’s toys?”
VTech has said data on about 6.4 million children was exposed in a hack of information on customers in more than a dozen countries.
The Hong Kong-based firm initially disclosed the attack on Friday, and said hackers took data of nearly 5 million adults, but it did not disclose how many children's profiles were accessed.
Mr MacGibbon said parents needed to be wary of so-caled smart toys, which were connected to the internet.
“As a society we need to be asking ourselves how much data is being collected about children, what that data is being collected for,” he said.
Security specialist Troy Hunt, who helped uncover the breach with technology website Motherboard, said the breach was cause for concern.
"You've got all these kids, you know their gender, you know their age, you know their name, and due to the fact that you can associate them back to the parents, you also know where to find them,” he said.
In a posted on its website on Tuesday, VTech disclosed that the number of children affected exceeded the number of adults, with on 4.9 million parents accessed.
"I've never seen a hack that affected children as much as this one," said Chris Wysopal, co-founder of cyber security firm Veracode.
"This is sort of the Ashley Madison for children. People unwittingly trusting their personal information in a company that wasn't equipped to handle it."
Users urged to change password regularly
The company's statement said the children's profiles included only name, gender and birth date.
Stolen data on their parents included name, mailing address, email address, secret question and answer for password retrieval, IP address, mailing address, download history and encrypted password.
The largest number customers whose data was accessed were in the United States, followed by France, the United Kingdom, Germany, Canada, Spain, Belgium and the Netherlands.
"We are aware of reports of some 18,000 Australian parents and children being affected by the VTech app breach," Australian consumer advocacy group Choice said in a statement.
"The breach is a timely reminder to change your passwords on a regular basis and check to see what data security measures you have in place in your home."
'Companies need to get serious about securing data'
Australian digital security expert Troy Hunt, who helped Motherboard website verify the leak, said companies weren't getting the message on securing customer data.
"Taking security seriously is something you need to do before a data breach, not something you say afterwards to placate people," Mr Hunt wrote on his blog.
Children's eSafety Commissioner Alastair MacGibbon said the theft of data relating to children added "a degree of injustice" to the breach.
"Why are we collecting this information to start with? If you don't collect it, you can't lose it," Mr MacGibbon said.
The hacker, reportedly speaking with Motherboard, said he had no plans to use the data.
"Frankly, it makes me sick that I was able to get all this stuff," the hacker said.
