I am unsure what your contract with your developer is but not having full access to the website would be troubling. However, if your developer is playing games, you can reset their admin password via the database, then login and retake control of your website. I would also recommend changing the database password and possibly the username as well. You will have to change the database information in your app/etc/local.xml
If the developer had access to your hosting admin panel, make sure to reset all email passwords and make sure that none of the accounts are being forwarded.
Change all FTP passwords, and control panel passwords.
This is a start but will not help if they have some other form of backdoor setup on your system. In the future, I would recommend hiring a consultant to work on your behalf. They will have the experience and knowledge to keep your platform secure while utilizing outside development firms.