That's Not How It Works
This has nothing to do with the 'Cloud'. All these details have to technically available over the Internet, they can't be isolated. Otherwise you can't manage your mobile, or any other service, account. Whether a server is a cloud VM vs on T-Mobile's property is not even mentioned, or really relevant in this context. There was an API that seems to have been public, or somehow not secured.
With respect, these kind of superficial, idiotic populist comments add nothing to the discussion. I kind of get the sentiment, but it's misdirected and I don't see the point in your post.