Unprotected Direct Object Reference
Critical
Vulnerability Details
Hello MTN Security Team,
During my hunting, I discovered that there's an Insecure Direct Object Reference on https://nin.mtnonline.com
Vulnerable Path: https://nin.mtnonline.com/nin/success?message=1
Steps To Reproduce:
You may not even be required to submit any NIN before accessing this unprotected page;
just visit https://nin.mtnonline.com/nin/success?message=1
I discovered that, to see other users' NINs, the value only needs to differ by 2, for example:
https://nin.mtnonline.com/nin/success?message=3
https://nin.mtnonline.com/nin/success?message=5
https://nin.mtnonline.com/nin/success?message=7
https://nin.mtnonline.com/nin/success?message=9
https://nin.mtnonline.com/nin/success?message=11
https://nin.mtnonline.com/nin/success?message=1901
https://nin.mtnonline.com/nin/success?message=1903
https://nin.mtnonline.com/nin/success?message=8001
## Impact
This bug exposes all submitted Nigerian National Identity Numbers (NINs), which could be abused in other ways if discovered by a malicious person.
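The following is an added example, not code from the report above or from MTN, that models the flaw the reporter describes: a success page that looks up a stored record by a client-supplied `message` id, beside a hardened handler that returns a record only to the session that owns it and masks the NIN on the confirmation page. The `Submission` store, session names, ids and NIN values are all constructed for the example; the odd-numbered ids mirror the pattern in the steps to reproduce.

```python
"""Added example (not the report's or MTN's code): vulnerable vs hardened
`/nin/success?message=N` handler. All data below is constructed."""
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass
class Submission:
    id: int
    session_id: str   # the browser session that submitted this NIN
    nin: str


# Constructed sample data: three submissions from three different sessions,
# stored under odd ids like the ones enumerated in the report.
SUBMISSIONS = {
    1: Submission(1, "sess-alice", "12345678901"),
    3: Submission(3, "sess-bob", "23456789012"),
    5: Submission(5, "sess-carol", "34567890123"),
}


def success_page_vulnerable(session_id: str, message: str) -> Optional[str]:
    """Vulnerable handler: the client-supplied `message` value is used directly
    as the record id and the requesting session is never consulted, so any
    visitor can read any record by changing the number in the URL."""
    try:
        record_id = int(message)
    except ValueError:
        return None
    record = SUBMISSIONS.get(record_id)
    return record.nin if record else None


def mask_nin(nin: str) -> str:
    """Show only the last four digits on a confirmation page."""
    return "*" * (len(nin) - 4) + nin[-4:]


def success_page_hardened(session_id: str, message: str) -> Optional[str]:
    """Hardened handler: the record is returned only when it belongs to the
    requesting session (an ownership check on every object reference), and the
    page shows a masked NIN rather than the full number. A record that exists
    but belongs to someone else is indistinguishable from a missing one, so the
    id space cannot be probed for valid entries."""
    try:
        record_id = int(message)
    except ValueError:
        return None
    record = SUBMISSIONS.get(record_id)
    if record is None or record.session_id != session_id:
        return None
    return mask_nin(record.nin)


Handler = Callable[[str, str], Optional[str]]


def enumerate_ids(handler: Handler, session_id: str,
                  start: int, stop: int, step: int = 2) -> List[int]:
    """Walk the id space the way the report does (start, start+2, ...) from a
    single session and return the ids that handed back a record. Against the
    vulnerable handler this is exactly the mass-disclosure the report shows;
    against the hardened handler only the session's own record comes back."""
    return [i for i in range(start, stop + 1, step)
            if handler(session_id, str(i)) is not None]


if __name__ == "__main__":
    print("vulnerable:", enumerate_ids(success_page_vulnerable, "sess-alice", 1, 11))
    print("hardened:  ", enumerate_ids(success_page_hardened, "sess-alice", 1, 11))
```

In a real fix the binding between session and record would be established at submission time (store the new record's id in the server-side session and ignore the query string entirely, or issue a long random reference instead of a sequential integer), but the essential check is the same: every object reference taken from the request must be verified against the caller's identity before the object is returned.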
Report Stats
- Report ID: 1536936
- State: Closed
- Substate: resolved
- Upvotes: 9