diff --git a/package-lock.json b/package-lock.json
index d8aeeaf..0e7fcdd 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "auth-server",
-  "version": "1.7.6",
+  "version": "1.7.7",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "auth-server",
-      "version": "1.7.6",
+      "version": "1.7.7",
       "license": "ISC",
       "dependencies": {
         "bcryptjs": "^2.4.3",
diff --git a/package.json b/package.json
index 15d4af2..7d1c099 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "auth-server",
-  "version": "1.7.6",
+  "version": "1.7.7",
   "description": "An API centric auth server. Uses Sequelize and mariaDB by default.",
   "main": "server/server.js",
   "scripts": {
diff --git a/server/auth/signup.js b/server/auth/signup.js
index ea65ca6..bf9ddf5 100644
--- a/server/auth/signup.js
+++ b/server/auth/signup.js
@@ -121,7 +121,21 @@ const checkThrottle = async (email) => {
 }
 
 const registerPendingSignup = async (body, hash, token) => {
-	const record = await pendingSignups.upsert({
+	//BUGFIX: delete existing pending signups that clash
+	await pendingSignups.destroy({
+		where: {
+			email: body.email
+		}
+	});
+
+	await pendingSignups.destroy({
+		where: {
+			username: body.username
+		}
+	});
+
+	//record it
+	const record = await pendingSignups.create({
 		email: body.email,
 		username: body.username,
 		hash: hash,