But how did he manage to know the balance? I thought that the seeds and private keys are encrypted using AES-256-CBC, and therefore if you only have the file and without a password, you will not be able to know your balance.
If you choose to encrypt the wallet file, then you can gain no information whatsoever without the password.
If you add a password but choose not to encrypt the wallet file, then only the private keys are encrypted. This means you can open the wallet file and view the addresses, balance, and transaction history, but cannot spend anything without the password.
I would add that taking advice from accounts with zero trust asking you to message them privately is incredibly high risk. You can very easily set up and run btcrecover yourself, and you can get all the advice you need to do that in public on this thread.