If the original account is to be believed, they did not know the owner’s passcode/PIN. The attackers gained remote access to a device without the passcode/PIN. This suggests it was not phishing.

It sounds like a legitimate usage of the word “hacked” to me. Maybe not the most critical vulnerability because they did not gain full access, but they managed to gain some level of control of the owner’s watch without their permission, and it sounds like the reason was not that they left it lying around unlocked (to be clear it sounds like they got control because the watch was unlocked in the owner’s wrist, but they were accessing it wirelessly- sounds like an issue with Apple’s security model that can be fixed).