[10] Malwarebytes responded one day before disclosure in a blog article detailing the extreme difficulty in executing these attacks, as well as revealing that the announced server-side and encryption issues were resolved within days of private disclosure and were not outstanding at the time Project Zero published their research.

This event also resulted in the establishment of a formal bug bounty program by Malwarebytes, which offers up to $1,000 per disclosure as of 2018[update], depending on severity and exploitability.

[13][14] IObit denied the accusation and stated that the database is based on user submissions, and sometimes the same signature names that are in Malwarebytes get placed into the results.

Malwarebytes claims to have served DMCA infringement notices against CNET, Download.com and Majorgeeks in order to have the download sites remove the IObit software.

IObit said that as of version 1.3, their database has been updated to address those accusations of intellectual property theft made earlier by Malwarebytes.