In a statement on Monday, the Met said the two — Matthew Hanley, 23, and Conner Douglas Allsopp, 21 — had been identified after a long investigation.
The hack, which occurred between 18-22 October 2015, exposed the names, addresses, dates of birth, email addresses, and phone numbers of about 160,000 customers.
The banking credentials of about 16,000 of these customers was also stolen.
Investigating officer, Detective Constable Rob Burrows from the Met's Falcon Cyber Crime Unit, said: “Hanley hacked into TalkTalk's database with the sole intention to steal customer personal data and sell it to criminals and fraudsters for his and Allsopp’s financial gain.
"Allsopp was a willing participant in the crime. If successful, this could have put thousands of people at risk of fraud.
“Hanley thought he was clever covering his tracks, concealing and destroying evidence on his computers, however the extensive investigation, specialist skills and technical expertise utilised by our team led to the identification of these two virtual offenders bringing them into the ‘real world’.
"This secured overwhelming digital evidence leading to the guilty pleas and sentencing today.
“Our investigation proves regardless of the efforts and techniques deployed by cyber criminals to conceal their identities and activities, they will leave a trace and will be identified, pursued and prosecuted.
“I would like to thank the National Crime Agency for providing support and TalkTalk for their assistance and co-operation towards securing these convictions."