There is a good technical deep-dive on Hunt's site that explains what Spiral Toys did wrong and which led to the data breach.
It's a sad read. The long and short of it is that Spiral Toys was massively incompetent and in being that, violated lots of children's privacy - and their parents' too. People's personal data was left online with no or totally inadequate safeguards, which is completely unacceptable, especially when children are involved.
Spiral Toys continues to deny that the data was leaked and that they're at fault, which adds to the concern. The decent thing would be to own up to what's happened, and notify parents who are affected by the data leak.
Once you hand over your data, you've pretty much lost control over it too. Apart from safeguarding it, the big problem with providing sensitive data to any third-party is that you have no guarantees that it will be deleted if you so wish.
There's only one thing a parent can do here, and that's to stay away from internet-connected toys. They're not safe, and should not be near your children.
In the case of CloudPets, it gets worse though: the wireless communications tech built into the teddies isn't secured at all.
This means the cute teddies can be turned into spying devices. Not only that, but a bad person could record nasty voice messages on the toys.
The CloudPets data leak should be a call to action for government watchdogs to investigate "smart toys" because they are a danger to kids thanks to incompetent and irresponsible manufacturers.
Why you should avoid connected toys for your children
• December 1, 2015: Toy maker Vtech exposes sensitive information for five million parents and children, including selfies and private messages.
• December 7, 2015: "Hello Barbie" doll could eavesdrop on your kids.
• February 18, 2017: Germany bans the wireless Cayla doll with hidden cameras and microphones, for fear it could be used to spy on kids.