Seems ridiculous for a company who has the word "HACK" all over the inside and outside of their office, to put energy into this. Hire the kid and move on.
It really depends on the intent and extent of the intrusion, which I don't know. If there was no malicious intent and nothing was irreparably damaged, I'd say yeah, hire him. Even Microsoft, when WP7 was jailbroken, hired the hackers and put them on their openness team. The end result so far is that Microsoft allows "developer unlocks" for non-developers, so sideloading is possible.
You'd think tech companies would have learned something from all the retribution the cracker community has laid down in the past few years. If you have security holes, own up to them and fix them. Hire real security teams and have external pen-testing on outward-facing products. And if, after all that, you get breeched still... at least learn something from the attack, and possibly from the attacker.
As far as I know, once you turn something like this over to the FBI or other authorities, it's out of your control. You've already lit the fuse -- where the rocket goes from there isn't your choice.
Hypothetically, could Facebook later say, "Oh, actually, we're retroactively granting him access to our systems, so he didn't actually access beyond his authorization"? Or would that get someone at Facebook charged with making a false report to the authorities?
You'd think tech companies would have learned something from all the retribution the cracker community has laid down in the past few years. If you have security holes, own up to them and fix them. Hire real security teams and have external pen-testing on outward-facing products. And if, after all that, you get breeched still... at least learn something from the attack, and possibly from the attacker.