HomeEverythingEducationTV
Equities & FundsCrypto & Digital AssetsAI & TechnologyBusiness & CorporateUS Politics & PolicyGeopolitics & Global RiskMacro, Rates & FXCommodities & EnergyEuropean Politics & MarketsAsia-PacificReal Estate & Property
Story archiveAll categories
← All Stories

Suno AI Leaked Source Code Showing Extensive Data Scraping

Created at 16 Jul · 9:06 PM1 source↑ Market-relevant
IN SHORT

A hacker breached AI music platform Suno, leaking source code that details the scraping of over 113,000 hours from YouTube Music, 62,000 from Pond5, and 12,000 from Deezer. The intrusion also reportedly accessed customer data.

✉Newsletter

PiQ Daily

Pick your topics. Get only what matters, on your cadence.

Key Numbers

113,879 hoursYouTube Music data scraped
152,162 hourstagged YouTube tracks ingested
62,117 hoursPond5 stock library data scraped
12,287 hoursDeezer data scraped
17,615 hoursGenius-associated dataset
1 million hoursplanned podcast audio download
2,013,545YouTube Music clips logged
$150,000per infringement incident sought in lawsuit
$5.4 billionSuno's valuation
100 millionSuno platform users

Who's Involved

Suno
AI music generator platform
Shai-Hulud worm
Malware used in the breach
404 Media
Publication that reported the breach
Recording Industry Association of America (RIAA)
Alleged Suno was ripping songs from YouTube
Warner Music
Settled with Udio
Sony
Active lawsuit against Suno
UMG
Active lawsuit against Suno
Suno AI Leaked Source Code Showing Extensive Data Scraping

↳ Why This Matters

The leak provides concrete evidence of the extensive data scraping used to train AI music models, potentially impacting intellectual property rights and ongoing legal battles within the music industry. It also raises concerns about user data security and AI companies' transparency regarding their training methodologies.

Key facts

  • A hacker breached AI music platform Suno using the Shai-Hulud worm.
  • Leaked source code details Suno's training data, including over 113,000 hours of YouTube Music.
  • The training data also comprised 62,117 hours from Pond5 and 12,287 hours from Deezer.
  • The hacker claims to have accessed hundreds of thousands of customer records, including emails and phone numbers.
  • Suno stated the breach involved limited, outdated source code and did not necessitate individual customer notifications.

A hacker, reportedly using malware named the Shai-Hulud worm, breached AI music platform Suno and leaked source code detailing its extensive data scraping practices. The leaked files, reviewed by 404 Media, reveal that Suno's training dataset included over 113,000 hours of YouTube Music, 62,000 hours from stock music library Pond5, and 12,000 hours from Deezer, among other sources. Internal logs also documented plans to download approximately 1 million hours of podcast audio.

The hacker also claimed to have accessed sensitive customer information, including emails, phone numbers, and Stripe payment data, affecting hundreds of thousands of users. However, Suno has disputed the extent of this compromise, stating that the incident, identified in November 2025, was limited and primarily involved outdated source code no longer in use. The company concluded that individual customer notifications were not required under applicable privacy laws.

This revelation corroborates long-standing allegations from the music industry. The Recording Industry Association of America (RIAA) had previously accused Suno of directly ripping songs from YouTube in a lawsuit amendment. Suno had contested these claims under a fair use defense. Notably, Suno had already publicly acknowledged on its website, in accordance with California's AB 2013 law, that its training data might include music protected by intellectual property rights, referring to tens of millions of publicly available audio files. The leaked code provides specific details previously absent from such disclosures.

Suno's valuation stands at $5.4 billion with around 100 million users. In a parallel case, AI music platform Udio settled with Warner Music in November 2025 and is transitioning to a licensed model. Suno's legal disputes with Sony and UMG remain active.

Frequently asked questions

Suno is an AI music generator platform that allows users to create full songs by typing text descriptions.

The leaked source code indicates Suno scraped over 113,000 hours of YouTube Music, 62,000 hours from Pond5, and 12,000 hours from Deezer, among other sources.

The hacker claims customer emails, phone numbers, and Stripe payment data were accessed. Suno disputes this, stating the breach was limited to outdated source code.

Suno faces lawsuits from Sony and UMG alleging copyright infringement, which the company contests under fair use. The leaked data corroborates industry allegations.

What Happens Next

01Suno's legal cases with Sony and UMG are expected to continue.
02Further scrutiny of AI training data practices is likely.

Get the newsletter.

Pick the topics you actually care about. We'll email when there's news worth your time, on the cadence you choose. Cancel any time from your account.

Cadence

How It Developed

A hacker used the Shai-Hulud worm to breach Suno's systems.
Leaked source code reveals Suno scraped over 113,000 hours of YouTube Music.
The dataset also included 62,000 hours from Pond5 and 12,000 hours from Deezer.
The hacker claims to have accessed customer emails, phone numbers, and Stripe payment data.
Suno stated the incident involved limited, outdated source code and did not require customer notification.
The company had previously acknowledged its training data may include music subject to intellectual property protection.

Sources

T1
Leaks Reveal Suno Fed Thousands of Hours of Deezer, YouTube and Pond5 Data Into Its AIDecrypt

Related Stories

X cracks down on content theft with AI detection
16 Jul · 4:51 PM
AMI Labs CEO avoids AGI, superintelligence labels for AI
16 Jul · 3:21 PM
xAI sues user over alleged CSAM generation via Grok chatbot
16 Jul · 8:31 PM
Mira Murati Launches Open-Source AI Model Inkling
16 Jul · 6:31 PM
Period tracker Stardust shared sensitive health data with analytics firm, Mozilla finds
16 Jul · 3:46 PM