A major flaw on T-Mobile's website could have allowed hackers to extract personal information belonging to millions of customers, according to the researcher who discovered it. The bug was fixed on Friday after the company was approached by a security reporter.