The business technology website says the Elastic Search server, used by websites for indexing and searching, was not protected with a password, allowing data to be leaked.
Kahunacasino.com, Azur-casino.com, Easybet.com and Viproomcasino.net are among the effected domains. They are owned by several companies from Cyprus.
Other operators that experienced the data breach were found to be working under the same license, issued by the Curaçao government.
Justin Paine, a security researcher for Cloudflare, first discovered the leak, which concerned classic card games and slot games.
The exposed information included current bets, wins, deposits and withdrawals and payment details appeared in a partially-redacted form.
Names, addresses, email accounts, phone numbers, birthdays, usernames, IP addresses and account balances, all linked with betting activity, were all released in the breach.
