The leak seems to have started in a small private chatroom on a social media platform called Discord, popular with video gamers.
The documents purport to detail the progress of the Ukraine war, Kyiv's battle plans and US espionage tactics around the world.
According to an investigation by Bellingcat, images of the top secret files were shared as far back as January but they only caught Washington’s attention in early April once the media started reporting on the leak.
On Thursday, US authorities identified the suspected leaker as 21-year-old Jack Teixeira. He has been arrested and taken into custody.
Teixeira is a 21-year-old member of the Massachusetts Air National Guard. The documents are normally accessible only to officials with the highest level of security clearance, raising eyebrows about how a junior member of staff could have accessed this information.
Yet US defence officials told AP he needed such access in his role.
"It's alarming that this person had access to this type of information," said Dan Lomas, a security and intelligence lecturer at Brunel University, London.
"Within the U.S. intelligence community, there are 18 different intelligence organisations. There are hundreds of thousands of individuals who can potentially gain access to documents like this. It's a result of this idea that post-9/1, the government started pushing out as much information as possible for analysts to interpret. The more you push information out, the more likely it'll be leaked due to so many people having access to it," he told Euronews.
The documents appeared in a dark corner of the web focused on gaming and in a small private chatroom. Lomas believes it was understandable the Pentagon did not notice the leak.
"There are so many avenues for people to potentially leak information online. There's so many online chat rooms, and you can anonymise yourself and leak information... This is effectively like searching for a needle in a haystack," he explained.
"But at the heart of the story is the problem of someone actually printing out these documents and taking them home to then post online. think there are also potential issues there regarding the vetting of individuals, but mostly it's about document security and who has access to this. I suspect we'll start to see, if anything, a tightening up of the document handling processes."
However, cybersecurity experts say Discord has been used by criminals and hackers.
“The Discord domain helps attackers disguise the exfiltration of data by making it look like any other traffic coming across the network,” said a 2021 report by Cisco’s Talos cybersecurity team.
But monitoring online private chatrooms also could raise issues in terms of privacy and free speech. Law enforcement agencies don’t have the legal right to monitor a private online chatroom preemptively.
"If they do start doing that, then you have a clash with constitutional rights. You have serious questions about civil liberties and individual freedom in the US," said Abishur Prakash, geopolitics and technology expert in an interview with Euronews.
The intelligence leak does not appear to resemble previous incidents such as in the case of Edward Snowden in 2013.
The big question currently: why did the leaker disclose these documents? The motive remains unclear and the way it happened is very unusual as well, according to experts.
"Intelligence agencies in the U.S. have to ask the question: why are people doing this? It's not about civic duty. It's about something else," said Abishur Prakash.
"This is a unique instance of leakage. We're seeing someone leak information not for political purposes, not whistleblowing purposes, seemingly for the weird reason of wanting to make friends," believes Dan Lomas, security and intelligence lecturer.
"He seems to be someone who wants to reach out to individuals to impress them. One way to do it is to share top-secret, classified U.S. information that might make people think that this person is more important than he really is," he said.
As the investigation unfolds, officials are bracing for the possibility that more classified information could be circulating online.