That was my first thought, too. The student who "hacked" Sarah Palin's email account (he reset her password by answering her security questions using publicly available information) was convicted of a felony and spent a year and a day in jail.
If all you intend to do is get in, nothing else, then it is probably not a crime. The CFAA prohibits "knowingly and with intent to defraud, accesses a protected computer without authorization". There's also a clause about not accessing govt computers (but this was Twitter's server) and not forwarding any secrets you find.
All this guy did was get in and then called the authorities, so he probably didn't 'intend to defraud'. If he tweeted something, which he alludes to in some articles, that might be a felony.
