An online casino group based in Cyprus and the Caribbean island of Curaçao left information on 108 million bets exposed on its server, before it was taken down.

ZDNet reported that the Elastic Search server, used by websites for indexing and search purposes and typically installed on internal networks, had been left without a password, allowing for the data to be leaked.

Security researcher Justin Paine had come across the exposed server, by which he determined that the data was from an online betting group handling multiple websites. The games included “classic cards and slot games,” among other types, according to the article.

Among the domains named were kahunacasino.com, azur-casino.com, easybet.com, and viproomcasino.net, owned by several companies, some housed in the same building in Limassol, Cyprus. Others were operating under the same license number issued by the Curaçao government.