You can password the dev side of your app.
It’s likely a bubble user or someone you know. I know I go to random bubble websites that I find and sometimes create accounts. Just to experience their web flow.
The random worldwide traffic is a pretty common occurance on the web. I don’t know the reasoning, but generally they just send to come and leave immediately.
Just make sure you have strong passwords and none of your data is exposed improperly in the privacy tab. Also only give access to people who you know you can trust.