The "Change Password" page is accessable by anyone, and all it does is ask you to type in a user name. It then sends an email to the address set up in the account.
Since the only person who (in theory) has access to your email account is you, they can attempt to change your password all day long and it will never happen. All that does happen is that you receive that email each time. They can't redirect where the email goes (they have no way of even knowing where it's going in many cases). So you don't have anything to worry about. That's why the system is set up the way it is.
In reality, someone probably forgot their login name, and mistyped (or misguessed) yours instead. No big deal; happens all the time. The IP address logging is to allow you to contact the person's ISP if the same person continues to try to get into your account. This is unlikely, though, as trying gets the person nowhere, and that gets boring quickly.
-Troy