This just happened to me as well. Same exact issue, someone used my CC to buy 6000 and a 4000 MS points on my account yesterday.
Even worse, when I logged into my account on Xbox.com, I was logged in as a dummy Gamertag that replaced my old Gamertag. Called MS Support and they suspended my online access while resolving the issue and investigating. Told them to remove all my credit cards from the account too.
Hopefully this is the end of it, gotta contact the fraud department at my bank tomorrow regarding it.
This really sucks. The Xbox support guy was understanding on the phone, but I didn't get a very confident vibe that this was a 'priority fix' from him. Quoted me at 22 days for an investigation.