[research] · · 1 min read
Hacked Files Reveal Suno Scraped Millions of Tracks from YouTube and Other Platforms for AI Training
Leaked source code suggests the AI music generator built its training dataset by ripping audio from protected platforms, including YouTube Music and Deezer, amid ongoing copyright lawsuits.
By ByteBulletin Editors · Editorial Team
A recent hack has exposed the inner workings of Suno, the AI music generator, revealing that the company scraped millions of songs and lyrics from online audio platforms to train its models. The leaked data, reported by 404 Media and TechCrunch, includes source code and scraping instructions that detail how Suno pulled audio from YouTube Music, Deezer, Genius, and other sources.
The hacker, who goes by "ellie.191," accessed the data through a supply chain attack on an employee's credentials. The leaked files show that Suno used a third-party company called Bright Data to scrape music from YouTube, and even searched for a cappella versions of songs to source vocal-only audio. According to a file for YouTube Music, Suno had consumed over 2 million clips from the platform. Other datasets included hundreds of thousands of hours from Deezer, IMSLP, Jamendo, and Pond5, as well as hundreds of hours from Freesound and MuseScore lyrics. The company also attempted to download roughly one million hours of podcasts via PodcastIndex.
These revelations come as Suno faces multiple lawsuits from major record labels, including the RIAA, which allege that the company used copyrighted materials to train its AI models. Suno has admitted to training on publicly available music files, arguing that it falls under fair use. However, the RIAA claims that Suno unlawfully circumvented YouTube's copyright protections through "stream ripping," which would violate the Digital Millennium Copyright Act (DMCA).
The hack also compromised customer data, including email addresses, phone numbers, and partial credit card information stored in Stripe. Suno acknowledged the breach, which occurred in November 2025, but claimed it was "quickly contained" and that individual notifications were not warranted under applicable privacy laws. The company maintains that the leaked source code is outdated and no longer in use.
SOURCES
SHARE
RELATED
[research] ·
Self-Improving Agent Systems: A New Framework for Iterative Autonomy
Researchers propose a method for AI agents to autonomously refine their own capabilities through structured feedback loops.
[research] ·
Sticky Routing MoE: Reducing Expert Switching for More Efficient Inference
New research proposes sticky routing for mixture-of-experts models, keeping tokens on the same expert across layers to cut communication overhead and improve throughput.
[research] ·
Oyster II: A New Framework for Safety Alignment in Large Models
Researchers propose Oyster II, a novel approach to align large AI models with human values, emphasizing robustness against adversarial attacks.