Hello,
I received an email from Microsoft that stated: "We think that someone else might have accessed [my Microsoft email]. When this happens, we require you to verify your identity with a security challenge and then change your password the next time you sign in. If someone else has access to your account, they have your password and might be trying to access your personal information or send junk email."
I just discovered this email from late September, so it is too late to look up the sign-in activity from that time. Is it fair to say that someone may have used my email and password (which they could've gotten from other data breaches) to sign in, but Microsoft prevented them from doing so (without sending a follow up email or text)? I have since changed my password. I didn't get any follow up emails from that time about my password being changed. I thoroughly investigated my account and did not find any unauthorized changes, etc.
If TL:DR: Microsoft wouldn't let someone into my account if they thought somebody else was entering it without verifying it was me first? Is there somebody I can contact from Microsoft to do an investigation?