How can I prevent fake customer accounts on my website?

Topic summary

Shopify store owners are experiencing a persistent issue with fake/spam customer accounts being created despite having reCAPTCHA enabled. The fake accounts share common characteristics: labeled as ‘classic’ accounts, often using placeholder names like “123 123”, and appearing to bypass standard security measures including form validation requirements.

Key findings:

  • Standard protections (reCAPTCHA, new customer account system, form validation) are ineffective
  • Accounts appear to be created through a backend vulnerability or API exploit, not through visible front-end forms
  • Multiple users report receiving hundreds of fake accounts within short timeframes
  • Shopify has not publicly addressed the underlying security issue

Attempted solutions:

  • Switching to new customer account login system (unsuccessful)
  • Commenting out account creation code sections
  • Using Shopify Flow app to automatically tag suspicious accounts based on criteria (missing names, zero orders)
  • Creating Python scripts to bulk-tag and segment fake accounts for deletion
  • Additional verification using ChatGPT to identify disposable emails, gibberish patterns, and bulk sign-ups

Current status: The issue remains unresolved at the platform level. Users are managing the problem through automated tagging and periodic bulk deletion rather than prevention.

Summarized with AI on October 25. AI used: claude-sonnet-4-5-20250929.

It’s really disappointing that Shopify has done nothing to help this, especially because accounts created this way are getting imported into our MailChimp mailing lists, leading to lots of spam! They’ve essentially turned every Shopify store into a spam bucket.

All of our legitimate customers’ Customer History starts with an entry that they were created by the Helium Customer Fields app (or one of our custom API apps):

[Image: chcsep_0-1733176189003.png]

Whereas these spam ones report that they are created through the Online Store:

[Image: chcsep_1-1733176221195.png]

I’ve asked Shopify Support for more details to determine how these customers are created, but to no avail. They just checked my hCaptcha settings. 😞
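The tagging criteria listed in the summary (missing names, placeholder names such as "123 123", zero orders) can be applied offline to a customer export before any bulk deletion. The following is an added example, not code from this thread or from Shopify: the CSV column names, the `suspected-fake` tag, and the repeated-name rule are assumptions, and the sample rows are constructed.

```python
import csv
import io
import re

# Constructed sample export. Column names are assumed; adjust to your real export.
SAMPLE_CSV = """First Name,Last Name,Email,Total Orders,Tags
Alice,Nguyen,alice@example.com,3,
123,123,a1@example.net,0,
,,b2@example.net,0,
Bob,Bob,bob@example.org,2,vip
qwe,qwe,c3@example.net,0,
Dana,Ortiz,dana@example.com,0,
"""

DIGITS_ONLY = re.compile(r"^\d+$")


def reasons(row):
    """Return the list of heuristic signals that a customer row matches."""
    first = (row.get("First Name") or "").strip()
    last = (row.get("Last Name") or "").strip()
    orders = int(row.get("Total Orders") or 0)
    found = []
    if not first and not last:
        found.append("missing-name")
    elif DIGITS_ONLY.match(first) or DIGITS_ONLY.match(last):
        found.append("numeric-name")      # e.g. "123 123"
    elif first.lower() == last.lower():
        found.append("repeated-name")     # assumed extension of the "123 123" pattern
    if orders == 0:
        found.append("zero-orders")
    return found


def triage(csv_text, tag="suspected-fake"):
    """Split an export into rows to tag for review and rows to leave alone."""
    flagged, kept = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        why = reasons(row)
        # Require a name signal AND zero orders, so a real customer who has
        # not bought yet (or a buyer with an odd name) is not tagged.
        if "zero-orders" in why and len(why) > 1:
            flagged.append({"email": row["Email"], "tag": tag, "reasons": why})
        else:
            kept.append(row["Email"])
    return flagged, kept
```

The output is a review list with the matched reasons per account, so the tag can be checked by a person before anything is deleted or excluded from a mailing-list sync.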