That excerpt still says it was deployed to all the businesses listed above it, though. So yes it was being used however those businesses used it.

It was in the OpenSSL (for example) as an option you could manually enable. Who knows if anyone actually did, given that everyone who knew enough to specifically ask also heard it was suspicious.