This was DigiNotar. The breach generated around 50 certificates, including certificates for Google, Microsoft, MI6, the CIA, TOR, Mossad, Skype, Twitter, Facebook, Thawte, VeriSign, and Comodo.
Here is a nice writeup for that breach: https://www.securityweek.com/hacker-had-total-control-over-d...
Edits: I believe this is what you were referring to. It was around 500, not 50. Dropped a 0.
I do remember that breach but that was before Snowden. I'm relatively sure Snowden published some document about the NSA trying to undermine CAs, too.