Password reuse thought to have caused the breach across iPod, iPhone and Mac.
Hackers are holding Australian Apple customers to ransom by locking iPhones, iPads and Macs and demanding payment to unlock the products.
Affected devices have been reported across several states in Australia displaying an error message attributing the hack to Oleg Pliss, and instructing users to send $100 (USD) or €100 to a PayPal account.
Writing on the Apple support forums, user veritylikestea said: "I have no idea how this has happened. I am not aware of having been exposed to malware or anything else, although I did recently purchase some new apps – perhaps one of these has something to do with it?"
Many Apple customers were woken during the night when their devices were set into "lost" mode and their passwords were reset, preventing them from accessing the phone.
Bob Tarzey, analyst at Quocirca, said: "There are lots of Apple devices out there – and their users tend be at the wealthier end of the spectrum, compared to the larger Android mass market.
"However, iOS is hard to target with malware due to the walled garden environment in which Apple operates so, unless devices are jail broken by their users, getting malware and unauthorised apps on to their device is hard."
Speaking to several media organisations, Troy Hunt, a software architect at Microsoft, said the attack appeared to be isolated to Australia, and noted that password reuse on non-Apple services may have been responsible for the breach.
"Of course, it also suggests that two-factor authentication was likely not used as the password alone wouldn’t have granted the attacker access to the iCloud account," he added, speaking to the Sydney Morning Herald.
PayPal said that payment account is linked to the email address the hacker had supplied to victims, but added that any money sent would be refunded. At the time of writing, Apple has yet to comment on the matter.
Oleg Pliss is a software engineer and computer scientist at Oracle, and it is likely his name has been misappropriated by the hacker behind the breach.