Assuming they didn't actually sit at the computer, it leaves one option. Whenever you are online, people can either deliberately, or by chance find your ip address given to you by your ISP when you log on. This is unique to you whilst online and the connection is two-way. They can then download to your computer a program to let them access your harddisk. This enables them to read your emails, or whatever else the trojan program is programmed to do. If you are on a local network, the same thing can happen, it's just a little easier.
You can stop it with a firewall program and up to date anti virus software.