We have a moderately secure site where no one can access any storefront pages or data until they have logged in. There are only 3 admin users who can create new customer accounts; users cannot.
Over a period of 3 days, four records were added to our customer table with no information provided. The only fields that are populated are the GUIDs, dates, and lastIP address. For example: 66.249.67.21 and 66.249.67.47.
These IP addresses appear as Googlebot. Is there some way Google can bypass admin credentials and create phantom customer records when searching? Since we're not yet trying to attract new customers to our B2B site, there's no need for Google to crawl the site. Is there a security hole that we should address?