
The documents include blueprints of a military detainee holding facility in southern Iraq, together with geographical surveys and aerial photographs of two military airfields outside Baghdad.
Plans for a new fuel facility at Bagram Air Base in Afghanistan are also accessible online.
The documents were found on Army servers and those of their contractors. Much of it was stored on unlisted FTP sites, which some contractors believed made the documents impossible to find.
For example, contractor SRA International left documents on an unlisted FTP site that could allow hackers to get into US Defence Department computers. The company said that it was unconcerned by suggestions that this might be unsafe.
"The only way you could find it is by an awful lot of investigation," said SRA spokeswoman Laura Luke. The company has since taken the FTP site down.
Bruce Schneier, chief technology officer at BT Counterpane, said: "There is a myth that if someone puts something on the internet and doesn't tell anybody it is hidden.
"It is a sloppy user mistake, and yet another human error that creates a major problem."
A spokeswoman for the US Central Command declined to say whether material accidentally left on the internet had led to a physical breach of security.
One of the documents was a detailed plan of a military prison camp, including access points, guard locations and prisoner holding areas.
The document was password protected but the password was printed on another document on the FTP server.
"It gets down to a level of detail that would assist insurgents in trying to free their members from the camp or overpower guards," said Loren Thompson, a military analyst with the Virginia-based Lexington Institute.
"When you post the map of a high-security facility that houses insurgents, you are basically giving their allies on the outside information useful in freeing them."
All the documents found have been destroyed and the sites shut down, according to Associated Press.