Hello,
Please see the following documentation:
Get access on behalf of a user
https://learn.microsoft.com/en-us/graph/auth-v2-user
My guess is you are using Read.All permissions. This kind of permissions will allow you to read all user's information in your tenant.
If this is helpful please accept answer.