Ooof yeah that looks like a MFA bomb. Id start by resetting the emails password.
Was there anyway for her to avoid this??
Depends on how it happened. I don't really pay attention to the iOS ecosystem, but apparently there was some sort of vulnerability with Apple IDs or something.
If it's not related to the Apple ID thing, then it could be traditional credential stuffing, meaning that the same password / email got reused on another website that got leaked.