Your password could be stored on your computer, and he could have gotten it that way, so a firewall would fix that.
BUT, as you said, it was probably some noob using some programmed he downloaded off the net, check if you have any keyloggers on your computer, give us a HiJackThis log, and also cahnge all the information to your email accounts, and other accounts that is linked to your YM. It's very likely that he has the password for your email account also.
G. Skill 4GB(2x2GB) DDR800
eVGA 8800GTS 320MB
super pi: 1m=20s