... I want to know if ... switches bought from the store are hackable or if they're updated to the newest version ...
All current switches have the same bootrom. The bootrom has a known (but currently private) exploit, allowing arbitrary code to be loaded. While the bootrom exploit is currently private, both Team Executor (TX) and Reswitched wizards have indicated it will be released eventually. Therefore, in the long term, any currently available switch will eventually be hackable.
All firmware versions currently available have private exploits (Homebrew / TZ / CFW).
If you want custom firmware when it first releases (fastest), then you will need a 1.0.0 firmware console (now rare).
If you just want homebrew using public exploits, that currently requires a switch at 3.0.0 or lower firmware. To find one, you will have to use the serial number list others have already pointed you to. EBay tends to have them for a premium.
Note that bans are permanent, as the per-console certificates are tied to the hardware's serial and required for all online access. Thus, if Nintendo bans access via revocation of the certificate, not even firmware updates will be available from online sources for that console, and all online services will cease to function. Nintendo may be able to detect the use of homebrew, and may later decide to ban if homebrew usage is detected. Thus, you should expect that you will permanently lose all online services access if you run homebrew / CFW on the switch.