Note that it's unlikely that anyone has stolen your password but it is possible that they've done other underhanded things with your session. So, you'll want to make sure that all your sessions are expired. You can read about it in this FAQ. If that doesn't make sense, then you should just go to http://www.livejournal.com/logout.bml. If there is a button there that says "Expire all my sessions", then you'll want to click that. This will clear any logins you have on any computer you've logged into.
If possible, you want to choose "Bind to IP Address" when they login as mentioned in this FAQ. This means that if someone manages to keep the session id, they can't use it unless they can spoof your ip address.
Note that I've looked at the code for the current mischief and it doesn't do more than is apparent but that doesn't mean that others won't.
If none of this makes sense, you'd like someone to explain it to you and you're on my friends list, you can call me on my phone and we can chat. You can find my phone number here if you need it.