Yes they missed something, from TFA
The theft began with an instant message sent to a Google employee in China who was using Microsoft’s Messenger program, according to the person with knowledge of the internal inquiry, who spoke on the condition that he not be identified.
By clicking on a link and connecting to a “poisoned” Web site, the employee inadvertently permitted the intruders to gain access to his (or her) personal computer...
How google missed a stupid employee? "But" (you yell) " there had to be a flaw that let them gain access!". Yes, there was a flaw:
The attacks took advantage of a flaw in Internet Explorer 6 that was quickly patched, although the damage had been done.
So a google employee in China was using IE6 and clicking on links from someone who claimed to be another employee who wished to remain anonymous?
They missed an idiot. Pure and simple.