That's a clear case of leak of credentials and anyway company are allowed to authenticate info of an indvidaual, all he did is build a app that's access that data with the sold out credentials. I can call that stealing not hacking.
Nor CIA or NIA (which is much ahead of CIA in case of resources...