First of all: Sorry, i know there is no scope “Deck” but both Joas and Jus pointed me to hackerone to report this security issue.
Attacker is able to see confidential or private data from previous users with the same user name.
Since the private data of the users is sacred, it is a no-go that the data isn’t hard deleted form the database when the user account gets deleted, but it is even worse that another user with the same username can read all the stuff (without any effort to restore data).