How is this possible? Another user authenticates in my app, gets a unique access token, but if a run an api call with that token, it retrieves my accounts data (ad accounts etc)

If i debug the token in the debugger, in the APP SCOPED USER ID, it says my name. How do i fix this? The user is also admin from my app in meta developers