Hacked Data Shows Suno Ripped 2M YouTube Tracks

A hacker breached Suno. The stolen data reportedly shows the AI music generator scraped millions of songs and lyrics from YouTube Music, Deezer, Genius, and a half dozen other platforms. The Verge AI reports on the leak, originally obtained by 404 Media from a hacker known as “ellie.191.”

This is the first hard look inside Suno’s training pipeline. The company has never disclosed its datasets. Now the source code is out.

What the leak contains

The materials include Suno source code from 2023 and 2024, plus scraping instructions. Per The Verge AI’s reporting, the targets were:

  1. YouTube Music – 2,013,545 clips consumed as of the file’s last update
  2. Deezer, Genius, IMSLP, Jamendo, Pond5 – thousands of hours each
  3. Freesound and MuseScore lyrics – hundreds of hours
  4. PodcastIndex – code shows Suno sought roughly one million hours of podcasts

Other leaked code suggests Suno used a third-party firm, Bright Data, to pull music from YouTube. It also searched for a cappella versions of tracks, which is a clean way to source vocal-only audio for training a model to sing.

Why this lands hard

Suno is already in court. The RIAA sued, and Suno openly admitted it trains on copyrighted material, arguing fair use covers publicly available music files from the open internet. That’s a legal argument, and courts may or may not buy it.

But the RIAA filed an amendment last year with a sharper claim: that Suno deliberately circumvented YouTube’s copyright protections by “stream ripping” tracks. Circumvention is a different animal from fair use. Fair use is a defense about how you used the work. Circumvention is about breaking a lock to get it in the first place, and it carries its own liability under the DMCA regardless of what you did afterward.

What stands out here is that the leaked scraping code reportedly backs up that specific allegation. Suno’s own defense has been consistent, and a spokesperson repeated it to 404 Media: “As we have stated in public filings and disclosures, Suno’s AI models have been trained on publicly available music files and related metadata accessible on third-party websites on the open Internet.”

That statement does a lot of work. It says nothing about how those files were accessed.

The second breach nobody heard about

Customer data was also taken. Email addresses, phone numbers, Stripe payment details. Customers contacted by 404 Media confirmed they were Suno users and said the company never told them about a breach.

Suno says it learned of the incident in November 2025 and contained it quickly. From the company’s statement: “we immediately conducted an investigation and verified that the incident primarily involved outdated source code that is no longer in use at Suno and that no sensitive personal information was compromised.” The spokesperson added that Suno doesn’t hold full credit card numbers in Stripe, and that “individual notifications were not warranted under applicable privacy laws.”

So customers found out from a reporter, roughly eight months later.

Assessment for practitioners

Three things to take from this.

Discovery is coming for training data. Labs have spent two years arguing about datasets in the abstract because nobody could see inside them. Leaks, subpoenas, and disgruntled employees change that math. If your defense depends on how you acquired data, assume the acquisition logs eventually surface.

“Publicly available” is not a shield. A song on YouTube Music is publicly listenable. It isn’t publicly downloadable. That gap between viewing and ripping is where the legal risk lives, and every team building on scraped media should understand which side of it their pipeline sits on.

Vendor breach disclosure is a live gap. A company can decide notification isn’t legally required and be technically correct while its users learn about their exposed Stripe records from a news article. If you’re integrating an AI vendor, ask what their disclosure threshold actually is.

What to watch

The RIAA case is the one to track. If the circumvention claim survives, the fair use debate becomes secondary, and the question shifts from what labs trained on to how they got it. That’s a much harder question to answer with a press statement.

Full details at the original source.

Scroll to Top