A weakness that could be exploited in Tor is how the protocol tends to route traffic to devices which claim to have high amounts of bandwidth available. By modifying the software, a malicious user could attract more traffic through the network, and by setting up several of these servers, the chances that two could be included on the same path are increased.
If two malicious servers are included at the start and end points in a path, it becomes possible to identify the sender and receiver of the communications passing through. The original research team noticed the huge reaction to the news, and so posted an FAQ and claimed, "Tor is the most secure and usable privacy-enhancing system available".
This particular attack has never been seen outside of the lab and the team made suggestions on how to combat it. The suggestions include comparing bandwidth claims made by routers against observed performance and implementing "location diversity". Tor is used for many purposes, including providing Internet users in censored countries with a way to access any information and also sometimes to anonymize activity on P2P networks.
Source:
Ars Technica