Good write-up about this from “The Desk,” explains how data was taken by “thief” who found open door to all of this data which anyone could have taken if they knew how to find this door, which T-Mobile left open for some reason.
"ABC News wrote that T-Mobile was “breached by hackers,” while Red Ventures website CNET — which has faced some scrutiny for using robots to write stories — claimed T-Mobile got “hacked again.” USA Today characterized the incident as a “hack,” too, and CNN’s headline went so far as to state that the 37 million customers themselves were “hacked.”
But the latest security incident involving T-Mobile and its 37 million customers was not a hack in the conventional sense. The “bad actor” that T-Mobile blamed for the incident simply exploited a door that T-Mobile left open for some legitimate purposes, and used it to harvest data of millions of customers (who, themselves, were not hacked, despite CNN’s headline)."
This from their official press release:
“No passwords, payment card information, social security numbers, government ID numbers or other financial account information were compromised. Some basic customer information (nearly all of which is the type widely available in marketing databases or directories) was obtained, including name, billing address, email, phone number, date of birth, account number, and information such as the number of lines on the account and service plan features.”