It seems like the sensitive information is being logged by the app or iOS. The article says that "devices' encrypted logs" were cracked. That info shouldn't be logged at all to begin with. There are similar open source apps for peer to peer communication. In an open source app this kind of issue would have been recognised easily. But knowing Apple this was probably an intentional backdoor.
Basically the sender's phone number and email addresses were stored as hash values, but the hashes were just partial values. The judicial appraisal institute "北京网神洞鉴" created rainbow tables (precomputed table for caching the outputs of a cryptographic hash function, usually for cracking password hashes) to bruteforce the information.
As Chinese mobile numbers follow certain formats (11 digits, starts with 1, known list of prefixes etc.) it is probably very easy to generate a rainbow table for this. Though the article doesn't mention if the phone numbers and email had separate hash values so this is just one way to do it.
AirDrop uses iCloud services to help users authenticate. When a user signs in to iCloud, a 2048-bit RSA identity is stored on the device, and when the user turns on AirDrop, an AirDrop short identity hash is created based on the email addresses and phone numbers associated with the user’s Apple ID.
When a user chooses AirDrop as the method for sharing an item, the sending device emits an AirDrop signal over BLE that includes the user’s AirDrop short identity hash. Other Apple devices that are awake, in close proximity, and have AirDrop turned on, detect the signal and respond using peer-to-peer Wi-Fi, so that the sending device can discover the identity of any responding devices.
This article is about the AirDrop receiver finding out the sender's information, but doesn't mention if the reverse is possible. But if we look at the same AirDrop security page, it is probable that in AirDrop "Everyone mode" an attacker could find out the information of Apple devices around them:
In Contacts Only mode, the received AirDrop short identity hash is compared with hashes of people in the receiving device’s Contacts app. If a match is found, the receiving device responds over peer-to-peer Wi-Fi with its identity information. If there is no match, the device doesn’t respond.
In Everyone mode, the same overall process is used. However, the receiving device responds even if there is no match in the device’s Contacts app.
For people using Apple devices or even other brands, especially in the US, take caution as this is a finding one Chinese local government published, who knows how many vectors of attack the US intelligence agencies is aware of.