The guy was awesome, and should be commended. But I don't yet see any reason to think Yahoo as an organization didn't fuck this up.



They didn't have a bounty program set up, like many if not most companies. I don't see a fuck up.


I think any time your company gets so much bad public comment that they have to rush out a public apology for something that has received a "-gate" suffix, it's reasonable to call that a fuckup.

They're surely paying a lot for their security team. And they know (or should have known) their competitors are offering substantial bug bounties. And they knew (or should have known) that one of their own people was spending significant time and money rewarding people reporting bugs.

The managerial fuck-up I see is not putting those things together and saying, "Hey, we should have a real bug bounty program if we don't want to look like cheap jerks." Apparently they were trying to rectify that, which is great. But if I were a manager there, the question I'd be asking is, "Why did we take so long to recognize and respond to this problem?"
