Tor is a network designed to make locating users virtually impossible, but that all changed on Wednesday when a Tor researcher announced a roughly five-month-long attack attempting to “deanonymize” users.

“The attack involved modifying Tor protocol headers to do traffic confirmation attacks,” a lengthy Wednesday post indicates, explaining that a group of attacking relays joined the network on Jan. 30 and were removed on July 4.

Anyone who accessed Tor from February to the beginning of July may have been “affected,” although it is not yet clear exactly what “affected” means, according to the post.

Upgrading relays to or will close the protocol vulnerability used by the attackers, but “preventing traffic confirmation in general remains an open research problem.”

The issue may be related to a recently canceled Black Hat 2014 session on Tor weaknesses.