My application is in an internal testing state and is only available to either people with the file or those who have been added into my internal testing track. However, there have been several new accounts that have been created and logged into today that I am not able to recognize. I know that they are not my login attempts, and I have reason to believe that they are calling my cloudscript since the client cannot post player statistics and the only way they are posted is through my cloudscript. This account has player statistics, which is not possible just from making a new player account. I can see in the player event history that they are calling my cloudscript that updates the player statistics multiple times, which none of this is normal on any other account.
While I do allow the client to update their display name, only some of them had them, and they were all strange names, like "text", "textq", " l l ", etc.
What could be happening here and what can I do to prevent these random accounts from appearing?