When the scared users would visit the website, they were asked to send €5 to the hacker's PayPal account so he can send them instructions on how to secure their device.How did this happen? It seems that the hacker identified the jailbroken iPhones using port scanning, because those particular devices have SSH running. SSH has to be enabled for the user to log in via Terminal and run UNIX commands, and the default root password often gets forgotten and remains unchanged. The hacker used this fact to hack into the phones.
Although it appears that the hacker didn't misuse any of the data he had access to - afterwards he posted the instructions on the website, apologized and returned the money - it doesn't mean that someone else will not, since the technique is pretty simple to execute and requires only a basic knowledge of networking.
To all iPhone users that have jailbroken their device, it is advised to shut down SSH when it's not needed and to change the default root password.
