um… first and foremost, how was the unauthorized user created? Was your system compromised?
I would strongly suggest using the admin interface to manage users. It’s in the ‘mail’ dropdown menu.
however, user data used by the admin interface lives in an sqlite database here: /home/user-data/mail/users.sqlite. I would strongly recommend against messing with that unless you really know what you are doing.