An unknown number of Apple users throughout Australia received sinister messages from a mysterious hacker named Oleg Pliss that demanded $100 to unlock their iPhones, iPads, iPods and other devices.

The Australian Government’s Stay Smart Online initiative has released a high-priority alert about the hacking event, and the NSW Police has also warned its Facebook followers about the dangers.

Now, Crispin Kerr, the Asia-Pacific managing director of online security company Webroot, has shared his insights into how the scam worked and what Aussies can do to protect themselves in the future.

HOW WAS THE HACKING ACHIEVED?

Mr Kerr said the Apple devices themselves had not been compromised.

The hackers gained access remotely by logging into the users’ Apple storage system, iCloud.

From there, they activated the Find My Phone feature, which allows users to lock down the device remotely in case of theft.

“It is unlikely — but not impossible — that Apple itself was hacked since the hack primarily targeted Australian users,” Mr Kerr said.

“A popular third-party website or service was most likely hacked and user credentials were attained this way.

“Because most users use the same passwords for multiple sites and services, passwords attained from other sources were likely used to gain access to iCloud.”

Apple released an official statement about the hacking yesterday.

“Apple takes security very seriously and iCloud was not compromised during this incident,” it said.

RELATED: Hackers hold Apple users’ iPhones, iPads and iPods ransom through Oleg Pliss scam

IF I’VE BEEN HACKED, WHAT SHOULD I DO?

First and foremost, don’t pay the $100 ransom. The next step is to update your Apple ID.

“Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services,” Apple said in a statement.

“Any users who need additional help can contact AppleCare or visit their local Apple Retail Store.”

Mr Kerr said users could be extra secure by establishing a two-step verification for their Apple ID.

Affected users can regain control of their phones by taking the device out of lost mode through the Find My Phone app on a desktop computer.

For more help, customers should contact Apple directly.

HOW DO I PROTECT MYSELF?

The best defence against hackers is to have a different password for every website, service or account you use.

“It is highly recommended that users create unique passwords for each major website and service they use and also change these passwords regularly,” Mr Kerr said.

WHO ELSE HAVE HACKERS HIT?

Crispin Kerr said this was not a new scam.

“This kind of vulnerability could have been exploited anywhere,” he said. “Popular websites are regularly hacked globally and sensitive data is often stolen.”

Other recent examples include the hacking of eBay accounts and the stealing credit card information from Target’s online customers.

Other high-profile hacking attempts in the past year have included security breaches of LinkedIn, Twitter and Avast.

Originally published as Expert explains how to protect yourself from hackers, after Apple users were hit by iPhone and iPad scam