An attack on children’s toy and electronics company Vtech allowed a computer hacker to access pictures of customers’ children, according to Vice Media’s Motherboard section.
Last week, BBC News reported many children’s addresses had been accessed.
And, on Monday, Vtech confirmed five million customers had been affected and suspended trading in its shares on the Hong Kong stock exchange.
The US states of Connecticut and Illinois are investigating the attack.
Vtech makes many technology products with cameras, such as child-friendly tablet computers and a smartwatch, which can be used to chat with parents.
And the hacker told Motherboard they had accessed archived chat logs but were not planning to release them.
However, Motherboard has released what it says is an audio recording of a conversation between a parent and their child.
But the BBC has been unable to confirm the authenticity of the message.
And Vtech has not responded to requests for comment on the matter.
A statement from the Hong Kong-based company, posted on Monday, made no reference to pictures or audio recordings.
It reiterated no credit card or social security data had been stolen in the breach.
Security experts have rounded on the company for failing to provide what they said were basic protections against cyber-attacks.
Troy Hunt, an Australia-based security researcher who was able to analyse the hacked data, posted a detailed breakdown of Vtech’s services on his website.
He said: “All communications are over unencrypted connections, including when passwords, parent’s details and sensitive information about kids is transmitted.”
Security experts also warned other connected toys could be targeted by hackers.
Thirteen other Vtech services have been taken offline by the company as a precautionary measure.