Hi pedhed,
I'm Karen, a Microsoft user like you. I'd be glad to help you protect your account. Just to set your expectations, this is a public forum and we do not work for Microsoft nor have access to any user accounts. We can only offer advice based on our knowledge and resources available from Microsoft.
Microsoft takes account security very seriously. If you receive an email from the Microsoft account team and the email address domain is @accountprotection.microsoft.com, it is safe to trust the message and open it. Microsoft uses this domain to send email notifications about your Microsoft account. These notifications can include security codes for two-step verification and account update information, such as password changes.
if Microsoft detected an unusual sign-in attempt for your account, you'll get a notification by email or text message.
I suggest you check all the recent login attempts by clicking this link:
https://account.live.com/Activity
The Recent Activity page shows you when and where you've used your Microsoft account within the last 30 days. You can expand any listed activity to see location details and find out how the account was accessed—using a web browser, phone, or another method.
For more details, please check this link:
https://support.microsoft.com/en-us/help/13782/...
If you see any successful attempts that you don't recognize them, I recommend you to change your password and update your security settings.
To review the steps to change your password, click the link below:
https://support.microsoft.com/en-ph/help/402697...
You can also add a two-step verification with your account. Please click the link below to follow the steps:
https://support.microsoft.com/en-us/help/12408/...
If you do the steps as a precaution, none of your personal information will not be at risk.
I hope this helps.
Keep safe, pedhed!
Sincerely yours,
Karen N.
Independent Advisor