According to Apple, their iCloud suite of services has not been breached, and that the “Oleg Pliss” ransom demand that affected some iPhone and iPad owners did not happen because iCloud as a whole has been breached. Maybe, Apple suggested indirectly, this is all users’ fault for using the same darn passwords for everything.

Victims in Australia and New Zealand woke up early Tuesday morning to find a message from Apple’s “Find My iPhone” service. No, they didn’t pick up someone else’s phone by mistake: the message instructed them to send money via PayPal to an e-mail address without a live PayPal account. People could simply type in their regular passcode or sync the phone to a computer.

Today, the problem spread to some iPhone and iPad owners in other countries, including the United Kingdom and United States. Apple wants everyone to know that whoever is behind the ransom demand, it’s not because of a breach on their end.

In a statement to ZDNet, an Apple spokesperson said:

Apple takes security very seriously and iCloud was not compromised during this incident. Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store.

My devices have been hacked. What do I do? [Apple Support Forums]

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.