The hacker simply scanned for jailbroken iPhones with SSH installed and using the default root password. With this password he then sent what appears to be an SMS alert to the hacked phones that read,
"Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files."
Going to the website directed users to send 5 to a PayPal account, after which they would be e-mailed instructions to how remove the hack.
"If you don't pay, it's fine by me, but remember, the way I got access to your iPhone can be used by thousands of others-they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It's just my advice to secure your phone."
The webpage has since been taken down and the hacker is now offering instructions on removing the hack for free.
If you know what SSH is and have it installed remember to turn it off when not in use or change the default password to prevent this hack. You can find a tutorial on how to do that here.