looking at the source code, it looks like the site is just sending off the password to *any* email that is typed in
replaced sam's email with mine and then hit the button
solved.