This can actually be very serious, depending on the circumstances. My website has some very basic information on the topic: http://www.chadvancleave.statelawyers.com/ .
But basically, below, you will find a rundown of the statutes that can be invoked for criminal liability. Section 1029 is the one that most directly concerns you.
My guess, however, is that the government will have very little interest in what you may have done, unless there was some actual harm done, or some other use of the password XXXXX other information obtained by use of it OR if the ex boyfriend has some significant law enforcement connection that would be interested in the breach suffered by this particular person.
Most states have statutes that mirror or are similar to the federal statutes which may be more problematic because states tend to go after smaller stuff.
How you came by his password XXXXX be important, as well. If he had given it to you while you were still together would be better than if you had obtained it somehow after you were no longer together.
Unless he files a complaint, you have nothing to worry about, but it is never fun to have something like this hanging over one's head.
To answer the question of what kind of trouble you could get into, the statute for Section 1029 contains provisions for maximimum sentences of 10, 15, or 20 years, depending on the circumstances, as well as forefeiture of property used to commit the offense, but practically speaking, this is a minor potential offense of the statute, and I would expect that, even if something were made of it, it would be disposed of with something other than prison time.
ALL THAT HAVING BEEN SAID, THINGS LIKE THIS THAT USED TO BE NO BIG DEAL ARE REALLY A BIG DEAL NOW, AND SHOULD NOT BE TREATED LIGHTLY. EVEN SOMETHING RELATIVELY INNOCENT LIKE THIS COULD BE CONSIDERED HACKING, UNLAWFUL USE OF A PASSWORD, OR EVEN INTERNET STALKING, AND IT IS A GOOD IDEA NOT TO EVEN RISK IT.
See my website for more details. Click on the "Computer Crimes" link.
Unauthorized Computer Access (Intruders/Hackers) 18 U.S.C. § 1030
This crime typically involves someone breaking into a computer system of a business, school, or government for any unlawful purpose. The range of facts dealing with this crime are limitless. This can include the sort of "hacking" that is the subject of "Law and Order" type television shows, but it can also include unauthorized installation of the spyware that many of us are so familiar with. It can also include the installation of software that is designed and marketed to spy on ones significant other to discover whether that significant other is "cheating".
The most interesting new development in this area of the law is the "trojan horse". In one case, an individual whose computer was identified through back tracking by the FBI was prosecuted under this statute because his computer had hacked into a government computer system. The defense argued, for a number of reasons, that someone had, without the defendant's knowledge, through email, installed a "trojan horse" program that took over the defendant's computer and actually did the hacking, and then, through sophisticated programming, self-destructed. The expert witness for the defense testified that such programs do exist, and was very likely what happened in this case. The defendant was acquitted.
Illegal Capture, Trafficking, and Possession of Passwords 18 U.S.C. § 1029
This statute is primarily directed at credit card fraud and cell phone fraud, but, by its language, encompasses the use of a computer to seek out username and password XXXXX or the sale of those usernames and/or passwords. "Phishing" is a term commonly used to describe the most common embodiment of this crime today. In phishing, an individual will try to get another person, either through email, a website, or over the telephone, to divulge his PIN numbers, credit card information, usernames, or passwords, and then use them for fraudulent purposes, or sell them to someone else.