https://medium.com/@nusenu/how-malicious-tor-relays-are-exploiting-users-in-...
So in other words when the destination website does not really care about their users safety and the user sends unencrypted exit traffic through Tor then an exit relay operator could do the same like your internet provider (spying/changing your traffic). Properly setting MyFamily does not help in this case.
That's nothing new.
The only news is that it is getting exploited big scale now.