"By switching up some of the parameters in the GET request, and supplying a stranger's valid T-Mobile US number, he could pull up their account details, such as their email address and handset's unique IMEI number."
This, of course, is more 'hacking' than what weev did against AT&T (he just enumerated id's in the request if I'm not mistaken). And he got thrown in jail for it.