I use it to remap keys on Logitech and Belkin keyboards/controllers.
1) I wasn't phished. I was very inactive at the time, I don't log into live.com, and as a web developer I'm constantly vigilant over phishing attempts anyway. There was absolutely no way I handed my password out. I really don't use ANY Microsoft services besides the xbox as I'm primarily on a Mac.
2) Additionally, as a slightly security-minded guy… my live password at the time was a 16-character string of randomly mixed cases and numbers. It's not the kind of thing that gets handed around with any ease, and it's not some easy to guess word. This wasn't an easy account to obtain through human means… it simply didn't happen that way. I only ever typed that password into my xbox physically and once to renew my live account the previous year.
Luckily, I discovered the two charges for points to my card within 5 minutes and spent the next hour dealing with Microsoft. They said they'd "investigate" and "get back to me in 30 days about whether or not the charges were legitimate"…
… I basically reamed the guy a while as he questioned my claim, then called my credit card company who IMMEDIATELY recognized the problem as it was a known fraud trend. Chase had no problem identifying the purchases as fraudulent and cancelled all payments.
30 days later, my xbox was working again, and no charges, but no appology or recognition of a larger security problem… but had I not been on top of this, I'd have likely been screwed.
In the end, I'm 110% certain this wasn't phishing… my credit card company was 110% certain that the charges were fraudulent… and Microsoft STILL pretends there's nothing to see here.
Good luck in your new ventures!