Is Trustify’s Ashley Madison app exploitative?

Danny Boice’s new private investigator app was launched in March of this year, just in time to ride the wave of paranoia and suspicion unleashed by the Ashley Madison hack.
Last week, after the so-called “Impact Team” of hackers released a first set of data identifying users of the cheating website, Georgetown-based Trustify made a tool that allows anyone to check whether an email address was contained in the leak.
But now, the company is being excoriated — on Reddit, Twitter and elsewhere — about its follow-up strategy.
In a blog post, Troy Hunt, a Microsoft developer who made a similar, though more privacy-minded tool, summarizes these criticisms.
First, the Trustify app allows users to check the status of other people’s emails. In fact, in an earlier version the app specifically called for entering “your email address (or the email address of your spouse).”
In fact, it encourages users to spread the word on social media through boilerplate messages, whether it be good news:

Or muckraking gossip:
https://twitter.com/Jackie_R_O/status/634615542364549120?ref_src=twsrc%5Etfw
Social media reports show that Trustify had reached out to the email addresses of people who were outed by the leak for apparent marketing purposes and without an advance warning to users who’d punched them in:
https://twitter.com/0x1C/status/634647818326536192
Director of Content Marketing Elliot Volkman said in an email to Technical.ly DC that Trustify had put an end to the practice: “The email alerts that were rubbing some people the wrong way have also been fully discontinued.”
Volkman responded to various angry posts online (including in a now empty Reddit AMA), but recently deleted the messages and made his social media accounts private after receiving death threats.
In an email, founder and CEO Boice explained that the email blasts were vestiges from an earlier version of the app, which informed only the verified users of email accounts of their status in the leak:

The “spam” in question was coming from a tool that we released for our users to check to see if they were personally named in the leak. We emailed a report to the email address they used to check. People started using the tool to check their friends and spouses email addresses (not as tool was intended) and those email addresses got an email.

Boice added that Trustify is now deleting all the emails addresses that have been run through the app.
“We are not using them for anything,” he said.