Users are advised to move away from the Windows operating system to close up flaws exploited by the hackers.
Tor has no idea who mounted the recent online attack, but suspects they were after the identities of browser uses who are often said to be criminals, terrorists and child porn abusers.
Tor is short for The Onion Skin, a nickname for software which hides web user identities beneath encrypted layers of security to cloak their online activities.
The software was developed by the US Navy as a way for servicemen to access the internet while overseas without being traced.
To keep confidential online, Tor routes browsing through a network of servers with secure IP addresses and headers that are almost impenetrable to police and security agencies.
Meanwhile, the Tor network has hidden corners with websites using the .onion suffix that are only accessible through the browser and virtually undetectable.
Although the Tor network is often cited as a black hole for criminal activity, many legitimate users access the web via the browser as well.
Journalists, whistleblowers and anti-government protesters in dictatorships communicate via the service.
New Yorker magazine, for example, has a ‘Strongbox’ web site for cleared users to confidentially share files.
Tor has a theory that the hacking attack was not against the software or network, but directed at Freedom Hosting, a server network sitting within Tor.
Critics accuse Freedom Hosting as a hive of illegal activity that host images and information relating to child abuse.
Another service within Tor is The Silk Road, a network of drug dealers and users that use Tor as a method to ease criminal transactions.
The attackers were targeting users accessing Tor via Firefox browsers on computers running Windows software.
“Switching to another operating system other than Windows is probably a good security move,” said the security advisory from Tor. “This wasn’t the first Firefox vulnerability, nor will it be the last.”
Users are advised to upgrade to a new version of Tor, which includes Firefox that is invulnerable to the bug injected by the hackers.