I just got three this morning.
Topic summary
Merchants report waves of duplicate customer accounts with identical info (e.g., fake emails), shown in attached screenshots. The pattern points to bot-driven signups, including a known “Mark Mustermann” bot linked to the Google Sales channel scanning stores.
Impact and vectors: Bots are creating “Classic Accounts” via the /account/register page even when classic accounts are disabled, likely due to exposed legacy templates in older themes. Some merchants also saw cart opt-in paths used. Screenshots of the support navigation and of the duplicate accounts are central to understanding the thread.
Mitigations discussed:
- Enable Google reCAPTCHA on login/create account/password recovery pages (Online Store > Preferences).
- Block/blank the classic registration form by editing theme code (registration-form.liquid), or replace it with a non-functional element.
- Use Fraud Filter to flag/block suspicious profiles and orders.
- Ensure welcome emails to new accounts are off to protect deliverability; disable cart opt-in if abused.
Support access: Log in via Contact Us, choose Account > Account security, then Get Support (steps illustrated in screenshots).
Status: Mixed results. Some resolved the issue by combining reCAPTCHA with disabling the registration form; others still see signups and seek further updates. Discussion remains open.
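
One way to spot the signup waves described above in a customer list, as an added example that is not part of the original thread or any Shopify tooling. It assumes a wave means the same name registered several times in a short window with different email addresses; the field names (`first_name`, `last_name`, `email`, `created_at`), thresholds and sample records are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records; field names are assumptions, not a Shopify schema.
SAMPLE = [
    {"first_name": "Mark", "last_name": "Mustermann",
     "email": "qx1@example.test", "created_at": "2024-05-01T08:00:05"},
    {"first_name": "mark", "last_name": "Mustermann ",
     "email": "qx2@example.test", "created_at": "2024-05-01T08:03:10"},
    {"first_name": "Mark", "last_name": "Mustermann",
     "email": "qx3@example.test", "created_at": "2024-05-01T08:09:40"},
    {"first_name": "Ana", "last_name": "Lopez",
     "email": "ana@example.test", "created_at": "2024-05-01T08:04:00"},
    {"first_name": "John", "last_name": "Smith",
     "email": "js@example.test", "created_at": "2024-04-01T10:00:00"},
    {"first_name": "John", "last_name": "Smith",
     "email": "john.s@example.test", "created_at": "2024-05-01T10:00:00"},
]

def norm_name(rec):
    """Case- and whitespace-insensitive key for matching identical names."""
    return " ".join(f"{rec['first_name']} {rec['last_name']}".lower().split())

def find_signup_waves(records, window=timedelta(hours=1), min_count=3):
    """Return {name: [emails]} for names registered with at least
    `min_count` distinct emails inside any span of length `window`."""
    by_name = defaultdict(list)
    for rec in records:
        created = datetime.fromisoformat(rec["created_at"])
        by_name[norm_name(rec)].append((created, rec["email"].strip().lower()))
    waves = {}
    for name, rows in by_name.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the left edge forward until the span fits in the window.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            if len({email for _, email in rows[start:end + 1]}) >= min_count:
                waves[name] = sorted({email for _, email in rows})
                break
    return waves

if __name__ == "__main__":
    for name, emails in find_signup_waves(SAMPLE).items():
        print(f"possible bot wave: {name!r} -> {len(emails)} accounts: {emails}")
```

Accounts flagged this way are candidates for review alongside the reCAPTCHA and registration-form mitigations listed above; a repeat customer who returns a month later under a new email stays below the default thresholds.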