An online casino group based in Cyprus has leaked records on more than 108 million bets.
A report by ZDNet shows the leaked information includes personal details and records of deposits and withdrawals made by clients.
It is understood the affected websites did not protect the Elastic Search server used for indexing and searching with a password, thus leaving them vulnerable.
The casino sites in question include Azur-casino.com, Easybet.com and Viproomcasino.net, which are owned by companies in Cyprus.
The affected operators had their licences issued by the Curaçao government. Many others with similar data breach issues work under the same licence.
A security researcher for Cloudflare, Justin Paine, was the first to discover the leak, which exposed betting history for online slots and table games.
The leaked information of clients included their current bets, wins, deposit, withdrawal and payment details, which appeared in partly altered form.
Also, personal details such as names, usernames, addresses, phone numbers, emails, IP addresses and account balances were exposed.