curious one this, they seem to be suggesting it's probably an exploit of passwords that have been shared elswhere (eg ebay) and become compromised. But why would it just be Australian devices?
I wonder if it may transpire to be some Australian facility, such as maybe a University, or Aussie social network, that's the common denominator?
In any case, from what I have read, it is more of a prank than anything else... payments through paypal are traceable, and the payment account apparently doesn't exist. As far as I know the phone can be recovered by various levels of 'reset'.
I'll be watching with interest to see how the full story unfolds.