
FULL ACCOUNT TAKEOVER

Critical
MTN Group
Submitted None
Reported by impozzible

Vulnerability Details

Technical details and impact analysis

## Summary:
Using the self-service portal @ https://mymtn.com.ng/ an attacker can easily take over any Nigerian MTN phone number and get access to some information, like date of birth, full name, etc. The attacker can also make use of any airtime found on the account.

## Steps To Reproduce:
I have made a detailed video showing the process.

## Impact
- Full access to the account
- Access to some private information, like date of birth, NIN, etc.
- Access to use up all credits and airtime on the account
- Access to modify the data on the account

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted