The warning was issued by the Federal Network Agency (Bundesnetzagentur), which oversees telecommunications, BBC reported.
Researchers say hackers can use an unsecure bluetooth device embedded in the toy to listen and talk to the child playing with it. But the UK Toy Retailers Association said Cayla "offers no special risk".
The TRA also said "there is no reason for alarm". The Vivid Toy group, which distributes My Friend Cayla , has previously said that examples of hacking were isolated and carried out by specialists. However, it said the company would take the information on board as it was able to upgrade the app used with the doll. But experts have warned that the problem has not been fixed.
The Cayla doll can respond to a user's question by accessing the internet. For example, if a child asks the doll "what is a little horse called?" the doll can reply "it's called a foal".