Yes, when you “hack” someone else’s server you are performing “unauthorized access”. Not so with a contract or protocol weakness that can be exploited by, say, submitting (malformed?) transactions to your own node, so you never did any unauthorized access. That’s the difference