It’s not clear how many accounts were involved, but Microsoft is said to have made URLs and metadata available so admins can investigate.