The same thing happened to me, the prepaid account was used by, as it seems many users, calling different countries.
I tried to figure out what kind of numbers that where called, and most of the was "demo" subscriptions for testing VOIP.
I thought that one had to open the firewall if someone external should be able to call via LinuxMCE? and in that case the
the person using my account would have to go via the provider, how can they then use my account when LinuxMCE already is
registered with the provider?
when the sip client is registering with the provider, is the userid and password encrypted or plain text?
I asked for a new password for the account and the new one was much longer.
anyway, i asked the provider if I could see the log of IP addresses using my account, they informed me that I had to file
a report to the police, and that the police the would then contact the provider to investigate, been waiting since July.