It is possible for someone to have set the registry key which controls which user is displayed as the last one to log in, but it’s not likely.
One of a few things has happened.
1. User yy is lying and did go into the office, or used remote access to access the other user’s desktop.
2. Someone who was in the office at 11pm has user yy’s password.
3. Someone has gotten user yy’s password, broken into the network, and used this other user’s machine to access company resources.
I would start by having user yy change their password ASAP. If they aren’t in the office, change it for them and have them change it again when they get in. Run a virus and spyware scan on all machines which user yy uses.