I don't know why this is getting downvoted. They did, in fact, acted against someone's setting not to do this, and I completely agree, this is a criminal act, not just a technical glitch.
IMHO storing cookies in a machine explicitly configured to block them seems to fit the "exceeds authorized access" language of the Computer Fraud and Abuse Act.