A security researcher, Abhijeet Kumar, has detailed a bug on a social network which allowed him to bypass username restrictions, allowing only alphanumeric characters with underscores.
He discovered that by using a whole range of special characters indistinguishable from alphanumeric characters, he could register usernames that only looked like they belonged to real users, allowing him to undertake fraudulent activity.
This included bypassing account bans, creating misleading identities, and impersonating legitimate users and organisations.
Kumar reported the bug to the platform via HackerOne, and it has now been fixed.
He was paid a $100 bounty for his research.
The unnamed social media platform was redacted in the blog, but assessments suggest it was Twitter.