[x n]

Yes, hacking without some sort of physical access or social engineering is still a very real possibility. Things are hacked and exploits are written every day, whether you hear about it or not. Vulnerabilities in huge websites are found constantly (https://hackerone.com/hacktivity), and the ones I'm mentioning only include the ones that people are willing to disclose. Imagine how many private 0days exist compared to the vulnerabilities that white hats inform the companies about.

"Hacking" in terms of unauthorized access of a computer or data isn't so much difficult as it is time consuming. It's pretty comparable to brute forcing, you try dozens of different things until finally something yields an error of some sort, or whatever you were testing returns something it wasn't supposed to. Some people hit the jackpot early with what they happen to choose to test and what they happen to input, and some people spend hours on end trying to find some sign of a vulnerability.

That isn't to say though that anyone can try a bunch of different shit and expect to find a vulnerability, it obviously requires knowledge and experience to know how many and what different vectors/payloads you can use to yield results and to know what to look for that might give off the scent of vulnerability. Different people have different processes that they go through when trying to hack something and some are more successful than others.