Facepalm

In high school, some friends essentially did the same thing. They fired up the tech support chat, using a real customer's username that the company included in a screenshot on the homepage as part of their product demo, and told support they needed them to send over the password because so-and-so was out of the office and they needed access. Support sent along full credentials. The software in question was a messaging app that my friends wanted to use on the school computers to chat while in class. Very innocuous, and no real harm or national security concerns.

FBI eventually got involved, and friends got put on double secret probation at school as a result. The dean of students later made an announcement at an assembly that he recently had to expel two students for "sending an email to California", all this while I was actively sitting next to one of said "expelled" students during the assembly.

Since they were both minors at the time, no real long-term issues came from it. One even worked for the feds for a while after college.