Key facts
- A hacker claims to have accessed Suno's source code via a supply chain attack.
- The source code allegedly shows Suno scraped decades of audio from YouTube Music, Deezer, Genius, stock music libraries, and podcast RSS feeds.
- Suno has previously stated it trains its AI on "publicly available music files" under fair use.
- Major record labels are actively suing Suno for copyright infringement.
- The hacker also reportedly accessed customer emails, phone numbers, and partial credit card numbers.
A hacker has claimed to have accessed the source code of AI music generator Suno, alleging that the company scraped decades of audio data from platforms including YouTube Music, Deezer, Genius, stock music libraries, and podcast RSS feeds. The hacker reportedly used a supply chain attack to gain access to an employee's credentials.
Suno has previously stated that it trains its AI models on "publicly available music files" found on the open internet, asserting that this falls under the fair use doctrine. However, major record labels, who are currently suing Suno, argue that this practice is illegal under the Digital Millennium Copyright Act (DMCA) and violates YouTube's terms of service.
In addition to the training data allegations, the hacker also reportedly accessed customer data, including emails, phone numbers, and partial credit card numbers stored in Stripe. Suno did not notify its customers about this alleged breach, which reportedly occurred in November 2025, describing it as a "limited security incident that was quickly contained."
Competitors like Udio have faced similar accusations of scraping YouTube data, and Google, YouTube's parent company, is also facing copyright infringement allegations from book publishers.
