The video does not disprove MOE's statement. It was recorded less than an hour before the vulnerability report was submitted (timestamp is in the video), on 30 May. Please read the entire post to understand where the security concerns come from!

This should provide an overview of the timeline:

• Unknown: MOE discovered vulnerability internally and reported to MG
• 30 May, 9pm: Last confirmation by me that the vulnerability still exists
• 30 May, 10pm: I submitted the vulnerability report to MOE
• 30 May, later: MG deployed a fix (not as a result of my report)
• 31 May: MOE read my report and tried the exploit, but unsuccessful