![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 64%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Hi. I'm Brian and I'll try to help.
The usual cause of this type of compromise is due to using the same password for more than one account or service. If any service or account using that address and password is compromised, they all will be in short order. Every account or service you have should have a long, complex and unique password. You can check whether or not the address or password is part of a data breach is to visit https://haveibeenpwned.com/. This is a device run by a well-known Microsoft MVP and security expert and is perfectly safe.
As much as I hate to say it, once the address of a Microsoft account gets changed, that account can never be recovered and if you have financial information connected to that account (like a credit card), you should immediately contact the financial institution and inform them so you don't get your money stolen.
Since you were using a gmail.com address as your Microsoft username, you can create a new Microsoft account using that same address, but anything associated with the old account, like games you've purchased, is gone for good.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 47%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMG%3C/text%3E%3C/svg%3E)