"Phishing" is a VERY low-tech way of getting people’s usernames and passwords – they ask you for it. Yeah – seriously. When you get an email from your bank or hotmail account (or just about any site that uses a username/password) that asks you to confirm your username and password via email, you can be SURE it is a "phishing" email. That is, they are fishing for information. Report it as spam and delete it.
This breach was NOT Microsoft’s fault – this was the fault of innocent people who just follow instructions in email. And yes, it IS hard to tell if an email is legitimate or not. A good rule of thumb is to delete that email, then TYPE IN the address of the website you "just got the email from." If the email says it’s from Hotmail – delete the mail and then go to your web browser and type in www.hotmail.com (or www.usbank.com or www.comcast.com, etc.)
If there really is a problem with your account, they will have some information on their website, or on your account. You can also just call the company who supposedly sent you the email.
In any case, if you have a Microsoft Passport, Windows Live ID, or Hotmail address – go change your password NOW!!