Tor discovered an attack that had been active for nearly five months. The attack could have revealed identifying details and other information related to people using the network to access hidden services. The identity of the attackers remains unknown. Tor says they have removed the attacking relays, and released a software update that prevents relay early cells from being abused. The attackers were using a vulnerability in Tor to modify protocol headers in order to perform a traffic confirmation attack on Tor users. Tor first released a blog about traffic confirmation attacks in 2009, and it has been a reoccurring problem since then.”]