FlyerTalk Forums - View Single Post - Is your Mileage Plus account safe? Mine was hacked!
May 20, 2012 | 3:02 pm
  #53  
perlcoder
 
Join Date: May 2012
Posts: 3
You would simply generate all possible MP numbers and try them in parallel. There's no need to find "valid" MP numbers.

I'm not sure of the general form of the CO-style MP numbers - 2 or 3 letters followed by 6 or 5 digits? Let's look at the case of 2 letters followed by 6 digits. That's 676 million. Not an unreasonably large number. If, more generally, it's 2 letters + 6 digits or 3 letters + 5 digits, then that's 26*26*36*100000 = 2.4 billion (the 36 is there since the 3rd character can be alphanumeric).

A typical consumer-grade computer with a decent internet connection could perhaps do 10 login attempts per second or 36,000 per hour. So one computer could be working on 36,000 MP account numbers. Since it is doing one PIN attempt per account per hour (to avoid lockout), it would repeat those 36,000 each hour with a new PIN each hour.

You would need approximately 20,000 computers to try all 676 million account numbers (assuming the 2-letter + 6-digit form; multiply by 3.6 to get the more general form). Hackers have botnets (groups of compromised machines they use for spam and insidious activities like this) that are substantially larger than that.

So breaking all accounts in 14 months is easily within reach. You would likely want to use more machines than I suggested, and probably move the attack around to different groups of machines, so that the IP addresses are spread out to reduce the chance of detection.

Note: this is an academic discussion only.

Last edited by perlcoder; May 20, 2012 at 3:35 pm
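A defender-side view of the traffic pattern described in the post above, as an added example that is not part of the original post or of any airline's system: with one guess per account per hour, per-account lockout and per-IP counters never trip, but the hourly aggregate (many failures, about one per account, mostly against account numbers that do not exist) stands out. The log tuple layout, the outcome labels, the thresholds and the lockout limit are assumptions, and the sample log is constructed.

```python
from collections import defaultdict

WINDOW = 3600          # seconds; matches the post's one-guess-per-account-per-hour pacing
LOCKOUT_THRESHOLD = 3  # assumed per-account lockout limit (not stated in the post)

def summarize(events, window=WINDOW):
    """Group failed logins by time window and compute aggregate signals."""
    buckets = defaultdict(list)
    for ts, account, ip, outcome in events:
        if outcome != "ok":
            buckets[ts // window].append((account, ip, outcome))
    report = {}
    for w, fails in sorted(buckets.items()):
        per_account = defaultdict(int)
        for account, _, _ in fails:
            per_account[account] += 1
        unknown = sum(1 for _, _, o in fails if o == "no_such_account")
        report[w] = {
            "failures": len(fails),
            "accounts": len(per_account),
            "ips": len({ip for _, ip, _ in fails}),
            "max_per_account": max(per_account.values()),
            "unknown_ratio": unknown / len(fails),
        }
    return report

def flag_windows(report, min_failures=100, min_spread=0.9, min_unknown=0.5):
    """Flag windows with many failures, spread ~1 per account, mostly unknown IDs."""
    return [w for w, r in report.items()
            if r["failures"] >= min_failures
            and r["accounts"] / r["failures"] >= min_spread
            and r["unknown_ratio"] >= min_unknown]

def sample_events():
    """Constructed log: hour 0 is ordinary traffic, hour 1 holds enumerated guesses."""
    events = []
    for i in range(20):                      # hour 0: real users, two typos then success
        acct, ip = f"AB{100000 + i:06d}", f"198.51.100.{i}"
        events += [(i * 60, acct, ip, "bad_pin"), (i * 60 + 5, acct, ip, "bad_pin"),
                   (i * 60 + 10, acct, ip, "ok")]
    for i in range(300):                     # hour 1: one guess per generated ID
        outcome = "bad_pin" if i % 10 == 0 else "no_such_account"
        events.append((3600 + i * 10, f"ZZ{i:06d}", f"203.0.113.{i % 250}", outcome))
    return events

if __name__ == "__main__":
    rep = summarize(sample_events())
    for w, r in rep.items():
        print(w, r)
    print("flagged windows:", flag_windows(rep))
```

In the constructed data no account in hour 1 sees more than one failure, so a lockout rule keyed on the account alone would never fire, while the window-level check flags that hour.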