If you haven't already done so, please submit a ticket at
http://support.fongo.com/anonymous_requests/new regarding this issue. Your SIP password will need to be changed.
I would like to try to guess how the attacker was able to obtain your credentials. Let us run some tests.
1) Run a full system scan using your virus scanner. Did it find anything?
2) Change your email password. It's unlikely your SIP credentials were obtained via your email, but not impossible.
3) Do you forward any ports to your ATA? If so, remove your port forwarding.
4) Do you have a full cone NAT router? Please confirm my guess by running the utility from
http://www.dslreports.com/forum/remark,22292023 . From a command prompt, you may run the command
stun stun.ekiga.net . Let us know the type of NAT you are behind, and the make/model of your router.
In the meantime, change your SIP Port for both lines to a random number between 20000 and 65535 as a temporary measure. It may be worth it to change your RTP ports as well. (All four should be different.) This won't make it impossible to hack you, but it will take longer.