Instarem Data Breach Exposes User Information, Including Amaze Card Details

International money transfer platform Instarem is facing serious backlash after a major privacy breach on Monday night exposed user data — including full names, emails, mobile numbers, transaction history, and even Amaze card details — to other users via the Instarem app and website.

Users across multiple countries, including Singapore and France, reported seeing other people’s personal and financial information when they logged into the app. In some cases, multiple users appeared to be logged into the same account, with support chat screenshots showing different users messaging from a single profile.

The issue reportedly began around 8:50 PM SGT on May 13 and was resolved by 10:00 PM, though Instarem claims the situation was under control within 30 minutes.

What Users Saw

Several affected users reported being able to see the following details belonging to strangers:

• Full name

• Email address

• Mobile number

• Transaction history

• List of recipients

• Last 4 digits of linked cards

• Amaze Card details, including expiry date and CVV

This raises serious concerns about data security and privacy, especially since Amaze cards are connected to users' credit or debit cards.

Instarem’s Response

Instarem sent out emails downplaying the breach, calling it a “technical issue” caused by a system bug. The company stated that a “limited number of users” were affected and that sensitive data such as passwords and identification numbers were not exposed.

However, users and cybersecurity observers are pushing back on this narrative.

“If I could see someone else’s data, could someone else have seen mine?” one user asked.

The official communication from Instarem also stated:

“Your sensitive data was not exposed or accessible.”

Yet, some customers received a second email telling them that their Amaze Card had been temporarily blocked due to possible exposure — and urging them to request a replacement.

This contradiction has led to more confusion and mistrust among users.

Is Your Linked Card Safe?

Despite the breach, the Instarem app reportedly does not store full card details of linked credit or debit cards — only the last four digits. This means that while the incident is serious, the risk to your primary cards is likely low.

Still, some users may choose to replace their Amaze card or monitor accounts for suspicious activity, just to be safe.

Final Thoughts

This serious data breach has raised big questions about how Instarem handles user data and whether enough security checks are in place. The company now faces scrutiny not only from its users but potentially from data protection authorities and regulators around the world.

Customers are demanding more transparency and clearer answers about what exactly happened — and how their data will be protected going forward.

Source: The Milelion