Forum Academy Marketplace Showcase Pricing Features

Prevent identity theft through "email confirmed"


I would like to allow my users (businesses) to share data with their clients via my app. Since you can only see the data and use the special features in my app I need the clients also to become users of my app. To do so I allow businesses to invite their clients by entering their email. In a backend workflow I use “Create an account for someone else”. This will create a new account if the email doesn’t exist or return an existing user. I then send the clients an email asking them to go to my app. At the same time I save the newly created user in a list of the data thing that the business wants to share.

The problem is: how to prevent others to see the data? In the privacy settings, I can choose to share the data only with users that are in the list of my data thing. However I can not choose that the user needs to have a confirmed email. In my opinion that would allow for people to sign up with an email that isn’t theirs and be access the data.

I know that similar questions have been raised here, but without a workable solution. One reason is that just not displaying the data in the app to people with not confirmed emails will not prevent access to that data in general (as described in the bubble documentation).

Does anyone know how to solve that problem?