I don't think so, I think that it was a combo of malicious intent and some indexes that never got run. I guess you might call it a bad migration since indexes didn't get run, but that seems more like a catalyst than a root.
https://cdn.auth0.com/blog/20181128-Incident-RCA.pdf