According to a report on Heise Online, the German IT security portal, users of version 0.2.1.22 or 0.2.2.7-alpha of the client software – which acts as an interface between the custom version of Mozilla that the project recommends and the internet – are being asked to upgrade to the latest edition. The update is required, says the newswire, because two of the Tor projects' seven directory authorities – moria1 and gabelmoo – along with the statistics server have been hacked.
No data on user identities or IP information appears to have been compromised, as the Tor project – which was founded by security researchers Roger Dingledine, Nick Mathewson and Paul Syverson back in 2004 – was designed to operate on a distributed basis.
The two compromised servers were taken offline earlier this month, as soon as the system hacks were discovered. After wiping and updating, the servers are now back online, but the project says that the two versions of the aforementioned Tor client software must be replaced as they point to the old server addresses.
Unconfirmed indications suggest that the two servers were hacked to gain access to the high anonymous bandwidth they offered, but Heise Online says that the hackers "set up some SSH keys and used the servers to launch other attacks".