A substantial number of routers sold in the US today are of the wireless variety, because with rebates, they are often cheaper than the wired kind. Many of these end up in wired-only service. The new owner took it home, plugged it in, and it worked right out of the box. Unfortunately this means that the wireless side configuration was left in the default mode -- so it bears the default SSID, default lack of encryption, default passwords, and default transmitter "on" state.
It is now an insecure wireless access point, and anyone can associate with it. Doing so places them on the new owner's side of his firewall, if any. The new owner is none the wiser. He doesn't have any wireless computers ... so as far as he's concerned, he doesn't use wireless yet.
If this is your situation, read on, learn how to secure your system, and ask in the forum if you have any questions. It's how most of us learned.