The duration a certificate is valid has been reduced by most browsers. There are new EU regulations that will further shorten this duration over the next couple of years.
What probably happened is, that Dreamtonics forgot to renew their certificate on time. This sometimes happens with smaller teams where not everything is automated and a “once a year” task just is forgotten.
In any case, this does not indicate a hacked website.
Ok, update, I can log in to my user account just fine with my phone when it’s not connected to wifi. When connected to wifi it doesn’t work. So I’m contacting the provider tomorrow