A hacker has accessed internal source code from AI music generator Suno, revealing that the company allegedly scraped decades of audio from YouTube Music, Deezer, Genius, stock music libraries, and podcast RSS feeds to train its artificial intelligence models. The breach, which occurred in November 2025, was reported by 404 Media, and the hacker claims to have used a supply chain attack to obtain an employee’s credentials.
The alleged scraping and legal implications
Suno has previously acknowledged that it trains its AI on “publicly available music files” from the open internet, and has argued that training on copyrighted material is protected under the fair use doctrine—a subjective exception to copyright law. However, major record labels currently suing Suno contend that deliberately circumventing YouTube’s technical protections against scraping violates the Digital Millennium Copyright Act (DMCA) and YouTube’s terms of service. Competitor Udio has also been accused of similar scraping practices.
Customer data exposed in the breach
According to the hacker, the compromised credentials allowed access to customer data including email addresses, phone numbers, and partial credit card numbers stored in Stripe. Suno did not notify customers about the breach at the time and has characterized the incident as a “limited security incident that was quickly contained.” The company has not disclosed the number of affected users.
Broader industry context
This case is part of a larger trend of copyright disputes over AI training data. Google, which owns YouTube, faces similar allegations from major book publishers regarding its own data scraping practices. The Suno hack provides a rare window into how AI companies may be obtaining training material, and the legal boundaries they are testing.
Conclusion
The Suno breach raises serious questions about both data security practices and the methods used to train generative AI models. As lawsuits progress and regulators scrutinize AI training data sources, this incident may serve as a key reference point in the ongoing debate over copyright and artificial intelligence.
FAQs
Q1: What data did the hacker access from Suno?
The hacker accessed internal source code showing alleged scraping activities, as well as customer data including emails, phone numbers, and partial credit card numbers from Stripe.
Q2: Is scraping YouTube data for AI training illegal?
Major record labels argue that bypassing YouTube’s technical protections violates the DMCA and YouTube’s terms of service. Suno contends that fair use protects its training methods, a position that courts have yet to definitively rule on.
Q3: Did Suno notify affected customers about the breach?
No. Suno did not notify customers about the November 2025 breach and has described it as a limited security incident that was quickly contained.
Disclaimer: The information provided is not trading advice, Bitcoinworld.co.in holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

