I'm so confused now. Did you read about the issue? I wonder if I misunderstood maybe.
As I understand it:
According to the source, Google inserts a unique user ID into the database name. An attacker can make a request to Google, pass this unique user ID into their API and get profile details, for example a photo, back.
The attacker does not need access to the database data, only the database name, since the user ID is embedded in the _name_.
You are right it's a leak of a database name, but Google stores sensitive data in the database name.
My reading was that a user can be identified by the userid. I'm not sure what other actions just having a userid authorizes, but I would lay that bit on Google.
There are clearly two issues here, only the first one of which has been demonstrated. One is the leak of database names, which is on Apple. The other one is releasing sensitive data on insufficient authorisation (just a user id), which would be on Google.