I slightly disagree with the idea that such a significant issue could be caused by the mistake of a single developer.
Companies like this have multiple security checks and extensive reviews before anything goes into production.
Therefore, it's unlikely that one person alone could cause such a substantial issue. It's more likely that a group of people may have miscalculated something.
Nevertheless, everything else you mentioned is definitely true. Even a group of people can make mistakes; after all, we are all humans.