I wondered the same until the section near the end of the article that mentions that the app creator's email address and password were left unsecured leaving his admin panel exposed.

Seems to me if this was deliberate that the creator would have gone to greater lengths to protect themselves.

Exactly, color me skeptical. I'd never heard of this app, but now there's a headline about it. Users are so numb to data breaches, it probably won't hurt them.