If you can trigger a password reset on your system and you get the password reset email from this other system, I think it’s safe to assume there must be some connection and not a hack.

For the record, this would not be considered normal behavior for the snap or any other installation.

Do you know this domain it’s coming from? Check the email header and see if you can verify whether your system sent it. Do you have your NC configured to send email through another system that could be overwriting the sender domain?