It's not theft, but it could be trespass as it is an unauthorized entry upon property.
In the US, federal law (the Computer Fraud and Abuse Act) basically recognizes the concept of computer trespass (digital trespass, cyber-trespass, etc.). But I think it has only been applied in the context of hacking, where the trespassing user stole the credential. If the credential was being used by the account holder with permission, I don't think they have interpreted that to be "unauthorized".