Unfortunately the fact that i had set a password that was broken, says to me the router was very likely 'owned', and can only assumed and by this individual. You're right, this is all after the event, and there's not been any noticeable consequence from it, other than a lot of worry and stress.
I stopped using the router/connection instantly, I have changed passwords, checked gmail settings for fwding, intrusion etc, and come up with nothing.
Fact is they must have gone to a fair bit of effort for this, why else would someone bother cracking codes just for the sake of an extra router to co-opt, when as you say there's many with unprotected p/words, wide open out there? Makes no sense to me. Does this take time? How much in the way of labour would be involved in it.
Then once in, surely after the hassle they would at least try and cause some sort of mischief. I suppose it's possible they hoped i had easy holes after caputring the router, and found that i was at least somewhat careful (i think, but then my tech skills are pretty low - prior to this i was at a 'slightly concerned luddite, who's read a couple of articles' level), didnt bother, but honestly i think at that point they would at least have tried to get in.
Whether they did or not will be impossible to prove, and i have at least not felt any direct consequence of it at this point. My intention was to speculate here, to see what could have, and potentially still be exposed, and i think i've pretty much explored all avenues.
Thanks very much for your time and considered responses on here, and to all who replied. It really is much appreciated.