
Untitled

a guest
Apr 19th, 2016
sequence:
- hacker originally reports the IG account, either via web or email; unclear
- fb writes to the CORRECT email account and says "reply from textsfromyourex@gmail.com" to verify identity, and quote original email.
- the original email is easy to quote because it is a formulaic form letter that anyone can know.
- hacker writes a spoof email appearing to come FROM textsfromyourex@gmail.com which includes the formulaic copy-paste. hacker performs two attempts.
- the first attempt includes yourtextsfromyourex@gmail.com [fake] in the quoted message body.
- the second attempt includes textsfromyourex@gmail.com [correct] in the quoted message body.
- THEORY: fb broadcasts the reset link to both textsfromyourex@gmail.com [correct] and yourtextsfromyourex@gmail.com [fake]?
- hacker owns the fake account
- hacker gets reset link

questions:
- does something parse the quoted content?
- do pw reset links get broadcasted to original AND "verified" (via spoof) new addresses?
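
added example (not part of the paste, and not a description of how fb or IG actually process mail): a reply handler for a "reply from the address on file" check that closes both questions above. It trusts the From: line only when the receiving MTA recorded a DMARC pass, requires an unguessable per-ticket token because the form letter itself is guessable, and never takes a recipient from the quoted body. TRUSTED_AUTHSERV, the [ref:...] token format, the function names and the sample messages are assumptions made for the example.

```python
import email, hmac, re
from email import policy
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.support.example"  # assumption: authserv-id of our own inbound MTA
ON_FILE = "textsfromyourex@gmail.com"    # address on the account, from the paste
TOKEN = "9f2c4e6a8b0d1f3a5c7e9b1d3f5a7c9e"  # constructed per-ticket token

def dmarc_pass(msg, from_domain):
    """True only if the topmost Authentication-Results header, written by our
    own MTA, records dmarc=pass for the From: domain."""
    hdrs = msg.get_all("Authentication-Results", [])
    if not hdrs:
        return False
    parts = [p.strip() for p in str(hdrs[0]).split(";")]
    if (parts[0].lower().split() or [""])[0] != TRUSTED_AUTHSERV:
        return False  # not written by our MTA, so not evidence
    want = r"header\.from=" + re.escape(from_domain) + r"(?![\w.-])"
    return any(re.match(r"dmarc=pass\b", p, re.I) and re.search(want, p, re.I)
               for p in parts[1:])

def reset_recipients(raw, on_file, ticket_token):
    """Addresses a reset link may be sent to for this reply: [] or [on_file]."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg["From"]))[1].lower()
    if sender != on_file.lower():
        return []
    if not dmarc_pass(msg, sender.rpartition("@")[2]):
        return []  # a From: line alone proves nothing
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    # The form letter is guessable; only the per-ticket token is not.
    tokens = re.findall(r"\[ref:([0-9a-f]{32})\]", text)
    if not any(hmac.compare_digest(t, ticket_token) for t in tokens):
        return []
    # Addresses appearing in the quoted body are never read as recipients.
    return [on_file]

def sample(dmarc, ref):  # constructed test messages, not real mail
    return (f"Authentication-Results: {TRUSTED_AUTHSERV}; dmarc={dmarc} header.from=gmail.com\n"
            f"From: {ON_FILE}\nSubject: Re: verify\n\n"
            f"> reply from yourtextsfromyourex@gmail.com to verify [ref:{ref}]\n")
```
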