TechCrunch was tipped off to the data lapse after a person working in the security space found an exposed Amazon-hosted S3 bucket containing over 50 gigabytes of files, including passports and driver licenses that were collected during the donation process.

The researcher said they found the web address for the exposed bucket by viewing the source code of the Freedom Convoy’s webpage on GiveSendGo.

S3 buckets are used for storing files, documents or even entire websites in Amazon’s cloud but are set to private by default, and require a multi-step process before a bucket’s contents can be made public for anyone to access.

The exposed bucket had over a thousand photos and scans of passports and driver licenses uploaded since February 4, when the Freedom Convoy’s page was first set up on GiveSendGo. The filenames suggest that the identity documents were uploaded during the payments process, which some financial institutions require before they can process a person’s payment or donation.