Tyk gateway is authorizing usernames which are not registered for API in Basic Authentication mode

I want to set up Basic authentication for APIs.
Referred to: https://tyk.io/docs/security/your-apis/basic-auth/

Currently I am using Tyk Gateway API to create a new basic authentication user in the Tyk Gateway.
curl --insecure -XPOST -H "x-tyk-authorization: Authorization_key" -H "Content-type: application/json" -d '{
  "allowance": 1000,
  "rate": 1000,
  "per": 1,
  "expires": -1,
  "quota_max": -1,
  "org_id": "org_id",
  "quota_renews": 1449051461,
  "quota_remaining": -1,
  "quota_renewal_rate": 60,
  "access_rights": {
    "apiId": {
      "api_id": "apiId",
      "api_name": "index",
      "versions": ["Default"]
    }
  },
  "meta_data": {},
  "basic_auth_data": {
    "password": "password"
  }
}' 'https://192.168.2.2:8080/tyk/keys/testuser1'

Here, I have registered testuser1 with the gateway. But all usernames with a different numeric part at the end, such as testuser2, testuser21, testuser100, etc., are being authenticated successfully. Basically testuser???, where ? contains a number, are authenticated successfully. The password used is the same as the one registered for testuser1.

Am I doing anything wrong, or is it a bug on the Tyk side?

Thank you in advance…