I think you can put malicious data in the bucket and „impersonate“ the deleted bucket, so old code referencing the bucket uses your data instead of throwing an error (?).
replyOr old code referencing the bucket _writes_ data to it, and the attacker can now read it.
reply