if they inform you is it still illegal?
Of course it is. That's why they swiftly removed it when they were caught out... EULA's aren't some magic "if you agree we can do anything" weapon against your customers. Contract law
absolutely has its limits when the purpose of part of a contract is "to achieve an illegal end". Even far simpler non-crime stuff like, eg, trying to restrict the resale of CD's, DVD's or software ("You hereby agree to not lend or resell this CD / software") - the EULA can 'threaten' whatever it wants, back in the real world, courts regularly declare them invalid:-
https://arstechnica.com/tech-policy/2011/01/appeals-court-upholds-first-sale-doctrine-for-promo-cds/
https://arstechnica.com/tech-policy...-upholds-right-to-resell-downloaded-software/
Most courts also tend to take a dim view of "two wrongs make a right" vigilantism for reasons explained earlier. You might get away with that on a small individual scale, eg, you buy a bike for your kid, have it custom modified in a distinctive manner, record the serial no, take a photo, etc, it then gets stolen, you see it later chained up somewhere else, check the number, yup it's yours, so you take a pair of bolt cutters and "steal" it back. But that sure doesn't work with committing different crimes in "revenge", eg, breaking into the home of a pickpocket, or in this case, identity theft / unauthorized access to a network (an actual crime with potential jail sentence) in "retaliation" for software piracy (copyright infringement is classed as a "civil dispute" in most countries for "downloader" and only usually become a proper criminal charge for the actual uploader / if you make multiple physical copies of discs then resell them).
So in this case, they're trying to "cure" a civil dispute by committing an unrelated crime, and in doing so ironically forfeit their ability to pursue people in court without facing more serious counter-lawsuits. If they stuck "we're going to steal your data" in a EULA, they'd be automatically admitting to identity theft / unauthorized access to a network crimes. And as mentioned there's another aspect on top of that which is gross breach of multiple data protection acts, ie, even outside of court-rooms, they can still be fined by regulators regardless of intent of anti-piracy as they still have zero legal right to obtain or hold login data completely unrelated to their software (which could potentially threaten their ability to, eg, continue to sell their games in Europe due to non GDPR compliance).
So in this case, yup, they were absolutely in the wrong, seem to be driven by raw emotion rather than logic and clearly didn't think anything through on the legal side at all.
Facebook
Twitter