What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.
LOL seriously would a VOIP provider operate open SIP without an SBC with no brute force protection? I hope not.
I couldn't say, not my area, but at the end of the day, the fraudulent usage was detected and notified.