What essentially happened was that a database that was used internally for the purposes of storing analytics pertaining to support cases consumers had filed had not been properly secured. Due to a misconfiguration of their security protocols for that database it was essentially left open for anyone to access if they tried, and this resulted in a whopping quarter billion users account details being available for anyone to steal.
An independent security researcher by the name of Bob Diachenko was the first person to spot this database and reported it to Microsoft on the 29th of December, and it took Microsoft a couple of days to patch the loophole and secure all of these accounts once again.
However, the fact of the matter is that this breach occurred over a period of 26 days which means that there was plenty of time for data to have been stolen. If you are contacted by anyone claiming to be Microsoft customer support you should be wary of them because of the fact that it is very possible that they are malicious actors using stolen data to try and trick you into downloading a virus or something even worse.
Read next: 12 Reasons to Strengthen Your Security Posture Now (And How to Do It)