ARS Technica writes it's unclear how long the hack lasted. Microsoft claims the breach occurred between January 1 and March 28 of this year, while the hackers claim they had access for at least six months:
The hackers, however, dispute this characterization. They told Motherboard that they can indeed access email contents and have shown that publication screenshots to prove their point. They also claim that the hack lasted at least six months, doubling the period of vulnerability that Microsoft has claimed. After this pushback, Microsoft responded that around 6 percent of customers affected by the hack had suffered unauthorized access to their emails and that these customers received different breach notifications to make this clear. However, the company is still sticking to its claim that the hack only lasted three months.Microsoft said it disabled the hacked customer support agent credentials.
Enterprise customers were not affected.