Spedn app Compromised?

I received an email saying I used the app to buy 2.11 dollars worth of something at Baskin-Robins at like midnight last night. But I didn't do that. I checked the app and in the history it has the payment so I assume the email is legit. What's weird is I was drinking a smoothie after the gym with a friend chatting about crypto and showed him the app. I opened the Baskin-Robins barcode thing as an example. The only thing I can think is that somehow someone got a picture of the barcode when I was showing my friend. Is that even possible? I haven't opened the app for like a year or so before this, maybe that triggered something? Anyone have any idea how to proceed? I tried looking for a way to contact flexa but I con't find an email or something on their site. Anyone know what's going on here? I'm not to bummed out about the 2 bucks but it's a cause for concern that someone might have access to my spedn app.