The anonymity network Tor has been the victim of an attack it believes may have been perpetrated by those who pulled out of the Black Hat conference.
Hackers used traffic confirmation attacks to uncloak victims through comparing traffic at the start and end of a relay to determine what belonged to the same circuit.
They also used a Sybil attack, inserting 115 of their own computer servers into the entry relay rotation, accounting for 6.4% of the network total.
Tor co-creator Roger Dingledine said: "While we don't know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected.
"Unfortunately, it's still unclear what 'affected' includes."
Tor has removed the malicious relays from its network, and updated its software to prevent similar traffic confirmation attacks from happening in the future. It also plans to grow the network to proportionally reduce the impact of future attacks, and has set up a group to monitor suspicious relays.
Responding to rumours that the attack was to be discussed in a recently cancelled Black Hat talk, Dingledine said "it seems likely" that this was the case.
"In fact, we hope they were the ones doing the attacks, since otherwise it means somebody else was," he said.