People register for our webinars using our website which uses the JWT API. The registrations always includes name email and 1 custom field which use information from our database.

This normally works perfectly but at our latest webinar it turns out that at least two people who successfully registered using this method joined the webinar with a second registeration (different id) which has no custom fields and uses a different email that is not in our database. (one of them had a typo the other a alternative gmail adress).

If i request the registrants using the api I find that the normal registrations using our API method contain a lot of empty fields we don't use like address, city, country, zip, state, etc.

But these outliers dont even have those fields. The only fields they contain are  first_name (which has first and last name in it weirdly), email and an empty custom fields array. 

I don't understand how these people got a second registration that i'm pretty sure didn't happen via our website (there is also no log for it on our site)

Can anyone help me please? This problem makes it hard to see which members of our site participated.