diff --git a/controllers/clusters/kafkaconnect_controller.go b/controllers/clusters/kafkaconnect_controller.go
index b2dffc139..e6a362d37 100644
--- a/controllers/clusters/kafkaconnect_controller.go
+++ b/controllers/clusters/kafkaconnect_controller.go
@@ -19,10 +19,13 @@ package clusters
 import (
 	"context"
 	"errors"
+	"fmt"
 
 	"github.com/go-logr/logr"
+	v1 "k8s.io/api/core/v1"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/tools/record"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/builder"
@@ -392,6 +395,15 @@ func (r *KafkaConnectReconciler) handleDeleteCluster(ctx context.Context, kc *v1
 		}
 	}
 
+	err = r.deleteDefaultSecret(ctx, kc)
+	if err != nil {
+		l.Error(err, "Cannot delete default user secret")
+		r.EventRecorder.Eventf(kc, models.Warning, models.DeletionFailed,
+			"Deletion of the secret with default user credentials is failed. Reason: %w", err)
+
+		return reconcile.Result{}, err
+	}
+
 	r.Scheduler.RemoveJob(kc.GetJobID(scheduler.StatusChecker))
 	controllerutil.RemoveFinalizer(kc, models.DeletionFinalizer)
 	kc.Annotations[models.ResourceStateAnnotation] = models.DeletedEvent
@@ -463,6 +475,24 @@ func (r *KafkaConnectReconciler) createDefaultSecret(ctx context.Context, kc *v1
 	return nil
 }
 
+func (r *KafkaConnectReconciler) deleteDefaultSecret(ctx context.Context, kc *v1beta1.KafkaConnect) error {
+	secret := &v1.Secret{}
+	err := r.Get(ctx, types.NamespacedName{
+		Name:      fmt.Sprintf(models.DefaultUserSecretNameTemplate, models.DefaultUserSecretPrefix, kc.Name),
+		Namespace: kc.Namespace,
+	}, secret)
+
+	if err != nil {
+		if k8serrors.IsNotFound(err) {
+			return nil
+		}
+
+		return err
+	}
+
+	return r.Delete(ctx, secret)
+}
+
 func (r *KafkaConnectReconciler) startClusterStatusJob(kc *v1beta1.KafkaConnect) error {
 	job := r.newWatchStatusJob(kc)
 
diff --git a/controllers/clusters/zookeeper_controller.go b/controllers/clusters/zookeeper_controller.go
index a33f57857..f764c1087 100644
--- a/controllers/clusters/zookeeper_controller.go
+++ b/controllers/clusters/zookeeper_controller.go
@@ -19,10 +19,13 @@ package clusters
 import (
 	"context"
 	"errors"
+	"fmt"
 
 	"github.com/go-logr/logr"
+	v1 "k8s.io/api/core/v1"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/tools/record"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/builder"
@@ -225,6 +228,24 @@ func (r *ZookeeperReconciler) createDefaultSecret(ctx context.Context, zk *v1bet
 	return nil
 }
 
+func (r *ZookeeperReconciler) deleteDefaultSecret(ctx context.Context, zk *v1beta1.Zookeeper) error {
+	secret := &v1.Secret{}
+	err := r.Get(ctx, types.NamespacedName{
+		Name:      fmt.Sprintf(models.DefaultUserSecretNameTemplate, models.DefaultUserSecretPrefix, zk.Name),
+		Namespace: zk.Namespace,
+	}, secret)
+
+	if err != nil {
+		if k8serrors.IsNotFound(err) {
+			return nil
+		}
+
+		return err
+	}
+
+	return r.Delete(ctx, secret)
+}
+
 func (r *ZookeeperReconciler) handleUpdateCluster(
 	zook *v1beta1.Zookeeper,
 	l logr.Logger,
@@ -384,6 +405,16 @@ func (r *ZookeeperReconciler) handleDeleteCluster(
 		}
 	}
 
+	err = r.deleteDefaultSecret(ctx, zook)
+	if err != nil {
+		l.Error(err, "Cannot delete default user secret")
+		r.EventRecorder.Eventf(zook, models.Warning, models.DeletionFailed,
+			"Deletion of the secret with default user credentials is failed. Reason: %w", err)
+
+		return reconcile.Result{}, err
+
+	}
+
 	r.Scheduler.RemoveJob(zook.GetJobID(scheduler.StatusChecker))
 	controllerutil.RemoveFinalizer(zook, models.DeletionFinalizer)
 	zook.Annotations[models.ResourceStateAnnotation] = models.DeletedEvent