Interesting bug. When using the utf8_unicode_* collation, MySQL treats invalid UTF-8 characters (like the X'C29D' string used here) as being equal to an empty string, even in the middle of other strings. Normally this isn't such a big deal, but in certain queries it's a major problem. In particular, this is really really bad if you're using the text as some sort of ID and the ID column is not constrained to be unique (as is the case with SMF's memberName column for some reason).

Those weird users were being added to your list because an SQL query was adding all users who matched memberName in ('') or in EcuaMobi's case memberName in ('Quickseller', ...), and this matched multiple unintended users due to that empty-string confusion. There are security implications here. AFAICT, some serious (but not critical) mischief could've been done by impersonating privileged users in certain cases. I bet there are a lot of sites out there that have more serious vulnerabilities due to this sort of thing. And I never even considered collation as a source of these issues -- it's not something I've given more than a passing glance at previously. This looks like a pretty serious flaw in SQL and/or MySQL which should be publicized more IMO. It's too difficult to reason about correctness here.

- I cleared those users from everyone's trust lists and renamed them. Some similar users probably still exist in the DB, but I don't see the need to search them out.
- I revised all of the database's collation rules to settings which should work as intended. This required locking tables for extended periods of time, which is what caused the other weirdness over the last few hours.
- I made it so you can't use names containing invalid UTF-8 strings or control characters.