AI & TechArtificial IntelligenceCybersecurityNewswireTechnology

Suno scraped millions of songs from YouTube, Genius, and Deezer

▼ Summary

– Hacked Suno data shows the AI music generator trained on millions of songs and lyrics scraped from platforms like YouTube Music, Deezer, and Genius.
– Suno faces lawsuits from the RIAA for using copyrighted materials, arguing it is legally permitted under fair use doctrine.
– The leaked data includes source code and scraping instructions for pulling audio from multiple platforms, supporting allegations that Suno unlawfully stream-ripped tracks from YouTube.
– Suno had consumed over 2 million YouTube Music clips and sought to download roughly one million hours of podcasts for training datasets.
– The hacker also accessed Suno customer information including email addresses, phone numbers, and Stripe payment details, though Suno claimed no sensitive personal data was compromised.

A major data breach at Suno, the popular AI music generator, has revealed that the company trained its models by scraping millions of songs and lyrics from platforms like YouTube Music, Deezer, and Genius. The leaked information, obtained by a hacker and reported by 404 Media, offers an unprecedented look into the company’s training data practices, which Suno has historically kept secret.

This disclosure is especially significant because Suno is currently facing multiple lawsuits alleging it used copyrighted material to train its AI. In a high-profile case brought by the Recording Industry Association of America (RIAA), Suno has admitted to using such material but argues that training on publicly available music files falls under fair use. An amendment filed by the RIAA last year further accuses Suno of illegally circumventing YouTube’s copyright protections by stream ripping tracks from the platform.

The hacker, who goes by “ellie.191,” shared materials that appear to support those claims. The data includes Suno source code from 2023 and 2024, along with specific instructions for scraping audio from YouTube Music, Deezer, Genius, Pond5, Jamendo, Freesound, and the International Music Score Library Project (IMSLP). Other leaked code suggests Suno hired a third-party company called Bright Data to scrape music from YouTube, and that it actively searched for a cappella versions of songs to isolate vocal-only audio.

One file referencing YouTube Music indicates that Suno had consumed 2,013,545 clips from the platform at the time it was last updated. Another file shows that Suno’s datasets included hundreds of thousands of hours from YouTube Music, thousands of hours from Deezer, Genius, IMSLP, Jamendo, and Pond5, and hundreds of hours from Freesound and MuseScore lyrics. Additional code reveals that Suno also attempted to download roughly one million hours of podcasts through a tool called PodcastIndex.

“As we have stated in public filings and disclosures, Suno’s AI models have been trained on publicly available music files and related metadata accessible on third-party websites on the open Internet,” an unnamed Suno spokesperson told 404 Media.

The breach also exposed customer information, including email addresses, phone numbers, and Stripe payment details. Several customers contacted by 404 Media confirmed they had signed up for Suno but said the company never notified them about the security incident.

In a statement, a Suno spokesperson acknowledged the company became aware of a security incident in November 2025 and said the situation was quickly contained. “At the time, we immediately conducted an investigation and verified that the incident primarily involved outdated source code that is no longer in use at Suno and that no sensitive personal information was compromised. Importantly, Suno does not have access to customers’ full credit card numbers in Stripe,” the spokesperson said. “Based on the limited nature of the customer information believed to be involved, we determined that individual notifications were not warranted under applicable privacy laws.”

(Source: The Verge)

Topics

ai training data 95% data breach 95% copyright infringement 93% legal lawsuits 92% hacking incident 91% fair use doctrine 90% web scraping 89% security incident 88% stream ripping 88% music industry 87%