This was discovered by security researchers Eric Taylor and Blake Welsh last month. This bug was discovered in a security flaw in the MetroPCS payment page. What this means is that the data of the carrier’s customers could have been stolen by hackers and could also potentially lead to email or bank accounts being hacked as well through social engineering.
However the good news is that according to T-Mobile (who owns MetroPCS), it seems that the bug has been fixed so data is no longer exposed. At the same time, this does not cover the past month or even longer in which the data was left sitting out there vulnerable to hackers who may or may not have discovered the flaw before it was reported.
The upside is that to date it does not sound like anything has been stolen or that there have been customers who were affected by this, so perhaps it was nipped in the bud before it go out of hand. In the meantime if you’re a little paranoid about this, perhaps it might be time to start rethinking passwords and login credentials.