Wateen Telecom, through its Self Care, is offering its customers to know their latest account status along with a facility to recharge their accounts, but the alarming thing is that system neither asks for any password nor system generated user name; instead all customer’s private information is revealed by just submitting random names.
Here on this url: http://18.104.22.168/selfcare simply guess and enter names like: Bilal, Aslam, Aamir, Huma, Najma etc.
P.S. You don’t need to be a Wateen customer to enjoy personal information of Wateen users;
Below is screen shot of a random customer, interestingly there is a sign out button for a page which never asked for sign-in.
Thanks to Zofeen for the tip