It's possible that a person is unlocking the in app purchase for his or her friends, or that there is a hacker, or anything. But if you've blocked the receipt, you should be fine unless another receipt pops up with the same problem. I'm currently having a similar problem with receipt verification. For some reason, receipts from Cut the Rope are being verified against my server, but as my server doesn't recognize the product identifier, it doesn't unlock anything.
There really is no way to prevent this from happening as the receipt the hacker used was valid. You can only monitor your database and block problematic receipts as they arise. The only way to automatically prevent this is to block a certain receipt if it is being used many times within a short period of time.