I m not sure I understand properly. Did he try to hack a random service he encountered? Is that even legal? Where I live (Sweden) it's definitely not legal.
It's become a bit of a grey area thanks to most large companies having bug bounty programs now. I think some researchers just assume that all companies are OK with testing against their production services. IMHO it's almost certainly illegal, but simply won't be enforced unless the hacker/researcher does something malicious.