Hack suggests AI music generator Suno scraped YouTube for training data
What happened
AI music generator Suno was hacked — an attacker gained access via a supply chain attack from November 2025 (compromised employee credentials). The leaked source code revealed the scale of Suno's scraping operation; hundreds of thousands of customer records and payment data were also exposed.
Context and impact
Suno faces copyright lawsuits from major record labels. The hack significantly strengthens those cases — providing direct evidence of YouTube scraping, which violates both DMCA protections and YouTube's Terms of Service. Affected customers had not been notified as of reporting date.
Details
- Attack method: supply chain attack — compromised employee credentials (November 2025)
- YouTube Music: 113,879 hours of scraped data
- YouTube Music Tagged: 152,162 hours
- Deezer: 12,287 hours
- Genius: 17,615 hours
- Pond5 Music: 62,117 hours
- Other sources: Jamendo, Freesound, IMSLP, Musescore, podcast RSS feeds
- Customer data: hundreds of thousands of users + Stripe payment information
- Legal status: customers had not been notified as of reporting date
Open original source
TechCrunch