It somewhat depends on what kind of accounts you mean, and how you define hacking. It’s possible, but here’s the bigger explanation.

Someone who works at Facebook(just an example, could be any company) with the appropriate access could probably look up your account data without using your password or installing a virus. This could be done for legitimate support reasons, or be considered hacking if it’s done against policy.

Someone who hacks a company that you have an account with could potentially get access to the same information again without touching your password or computer. These big leaks happen all the time, they’re the ones you hear about on the news, though they usually don’t get full access to everything. They do not usually get the actual passwords for individual accounts, but could get information like name, birthday, credit card, activity, etc.

There’s also a form of hacking called a Man in the Middle attack, where someone will set up a compromised internet connection (usually wifi) that you then connect to thinking it’s fine. This system can then detect your device connecting to certain companies (again I will use facebook as an example) and will instead take the authentication piece your phone sends, and itself send the data to facebook, then get the authorization token from facebook, and send you a fake one. Then it sits in the middle and everything you do it passes on, so it looks like it’s working fine, but it can also send it’s own requests.