It highlights that toys can collect the child's name, school, preferences, and activities when conversing with the toy or talking near it.
"The collection of a child's personal information combined with a toy's ability to connect to the internet or other devices raises concerns for privacy and physical safety," it says.
The FBI also warned of the risk of "child identity fraud" and "exploitation risks" in the event that account information and usage data, such as recorded voice messages and location, are leaked by companies that collect the data.
"Additionally, the potential misuse of sensitive data such as GPS location information, visual identifiers from pictures or videos, and known interests to garner trust from a child could present exploitation risks," it said.
The PSA follows several recent examples where poorly secured internet-connected toys have exposed children and parents to privacy risks.
Researchers discovered in February that Spiral Toys, the US maker of CloudPets connected toys, had leaked two million recorded messages of parents and their children via an unsecured online database.
The FBI's advisory echoed a warning that security experts have highlighted for several years over IoT security in general: "security safeguards for these toys can be overlooked in the rush to market them and to make them easy to use."
Before purchasing a connected toy, parents should examine the firm's user agreement disclosures and privacy practices, and understand where data is sent and stored.
The Federal Trade Commission in June updated its guidance on the Children's Online Privacy Protection Act (COPPA), which applies to firms that collect personal information from children under 13. The FTC now says its enforcement of COPPA covers internet-connected toys along with already covered websites and apps.