AI & TechArtificial IntelligenceCybersecurityNewswireTechnology

Hack claims Suno AI trained on scraped YouTube data

▼ Summary

– A hacker used a supply chain attack to access Suno employee credentials and steal source code showing Suno allegedly scraped audio from YouTube Music, Deezer, Genius, and other sources.
– Suno claims its training on copyrighted material is protected by fair use, but major record labels argue it violates the DMCA and YouTube’s terms of service.
– Competitor Udio has also been accused of scraping YouTube data, and Google faces similar copyright infringement allegations from book publishers.
– The hacker accessed customer data including emails, phone numbers, and partial credit card numbers in Stripe.
– Suno did not notify customers about the November 2025 breach and described it as a “limited security incident that was quickly contained.”

A security breach at Suno, the popular AI music generation platform, has allegedly exposed internal data that confirms the company scraped years of audio content from major streaming services. According to a report from 404 Media, a hacker gained access to an employee’s credentials through a supply chain attack, which then unlocked source code revealing how Suno pulled audio from YouTube Music, Deezer, Genius, stock music libraries, and podcast RSS feeds.

The company has previously acknowledged training its AI on “publicly available music files” found on the open internet, defending the practice under the fair use doctrine, a legal concept that allows limited use of copyrighted material without permission. However, the major record labels currently suing Suno argue that this activity violates the Digital Millennium Copyright Act (DMCA). They claim Suno deliberately bypassed YouTube’s anti-scraping protections, which also runs afoul of the platform’s terms of service.

Suno is not alone in facing these accusations. Competitor Udio has also been accused of scraping YouTube data, while Google, YouTube’s parent company, is fighting similar copyright infringement claims from several major book publishers.

The hacker reportedly accessed a trove of customer data, including email addresses, phone numbers, and partial credit card numbers stored in Stripe. Despite the breach occurring in November 2025, Suno did not notify its customers. The company has since described the incident as a “limited security incident that was quickly contained,” offering no further details on how the data was compromised or what steps have been taken to prevent future breaches.

(Source: TechCrunch)

Topics

ai music generator 95% copyright infringement 93% data scraping 92% supply chain attack 90% customer data breach 89% digital millennium copyright act 88% record label lawsuit 87% fair use doctrine 85% hacker report 83% security incident notification 82%