You are running vulnerable version, so no surprise that someone can change your settings when they can get all your usernames and passwords.
It was mentioned in this topic, upgrade, change passwords, add firewall…
http://forum.mikrotik.com/t/advisory-vulnerability-exploiting-the-winbox-port-solved/118771/1