Hi, @Vedant1008 –
I don’t think I can directly answer your question of “how could this user do this”, but I’ll tell you what I would do in this situation.
Read this Zoom Support article about Webinar Reports, and get the Webinar Attendee report with all details. You can tell exactly who logged in and when. From there, you might be able to determine if someone was impersonating this user. Also, I’d ask the user if they shared the registration email with anyone; if they did, anyone logging in with that registration-specific URL will appear with the same name.
Hopefully that helps you answer your own question.