If information is complete, attackers gained access to active user sessions by leaking cookies via script injection, access would have been terminated when the cookies were invalidated. They likely did not have access to your password (changing it never hurts though).

Microsoft doesn't care about what you use Windows for as long as you are paying and they have no legal obligation to stop you.

A term used by M$ in the past to drive competing open standards out of the market.