On April 14, 2019, Microsoft alerted some account owners that Microsoft Outlook and Hotmail email addresses had been compromised over a three-month period.
According to Microsoft, “We have identified that a Microsoft support agent’s credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account.” It also said “[U]pon awareness of this issue, Microsoft immediately disabled the compromised credentials, prohibiting their use for any further unauthorized access.”
The unauthorized access occurred between January 1, 2019, and March 28, 2019.
Microsoft recommends that users change their passwords and “be careful when receiving any emails from any misleading domain name, any email that requests personal information or payment, or any unsolicited request from an untrusted source.” This is a sound practice at all times, not just when you have been alerted by your email provider that an account has been compromised.