Enlarge / A redacted copy of data FedEx employees left on a publicly accessible Amazon bucket. (credit: Kromtech Security Center)

Passports, driver licenses, and other sensitive documentation for thousands of FedEx customers were left online, possibly for years, in a blunder that left the information available to identity thieves and other malicious actors, researchers said Thursday.

In all, Kromtech Security Center said, researchers found 119,000 scanned documents stored in a publicly available Amazon S3 bucket. The photo ID scans were accompanied by completed US Postal Service forms that included names, home addresses, and phone numbers of people who requested to have mail delivered by an authorized agent.

“Citizens from all over the world left their scanned IDs—Mexico, Canada, EU countries, Saudi Arabia, Kuwait, Japan, Malaysia, China, Australia—to name a few,” Kromtech researchers wrote.