Instead, the security firm said the hackers breached its internal systems by exploiting a dormant email protection product within its Office 365 tenant.
Malwarebytes said it learned of the intrusion from the Microsoft Security Response Center (MSRC) on December 15, which detected suspicious activity coming from the dormant Office 365 security app.
At the time, Microsoft was auditing its Office 365 and Azure infrastructures for signs of malicious apps created by the SolarWinds hackers, also known in cyber-security circles as UNC2452 or Dark Halo.
Malwarebytes said that once it learned of the breach, it began an internal investigation to determine what hackers accessed.
"After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails," said today Marcin Kleczynski, Malwarebytes co-founder and current CEO.
Malwarebytes products are not affected
Since the same threat actor breached SolarWinds and then moved to poison the company's software by inserting the Sunburst malware into some updates for the SolarWinds Orion app, Kleczynski said they also performed a very thorough audit of all its products and their source code, searching for any signs of a similar compromise or past supply chain attack.
"Our internal systems showed no evidence of unauthorized access or compromise in any on-premises and production environments.
"Our software remains safe to use," Kleczynski added.
Previously targeted companies include FireEye, Microsoft, and CrowdStrike, with successful intrusions being reported at FireEye and Microsoft.
Updated at 20:35pm ET to replace the source of the intrusion from "Azure AD weakness" to "dormant email protection product." The correction reflects a correction made in the original Malwarebytes report, added post publication as well.