• 2 min read
Leaked Suno code shows mass scraping from YouTube
Hacked Suno data reportedly shows millions of tracks and lyrics scraped from YouTube Music, Deezer, and Genius to train its music models.

Image: The Verge
Leaked Suno data obtained in a hacking incident offers a rare look at how the AI music company built its training datasets. According to 404 Media, the materials show Suno scraped millions of songs and lyrics from platforms including YouTube Music, Deezer, and Genius.
That matters because Suno is already facing multiple lawsuits over its training practices. In a case brought by the Recording Industry Association of America (RIAA), Suno has acknowledged that it trained its models on copyrighted material, arguing that using copyrighted works and publicly available music files from the open internet is allowed under fair use. The RIAA also alleged in an amendment filed last year that Suno bypassed YouTube’s copyright protections by intentionally “stream ripping” tracks.
Materials shared with 404 Media by a hacker identified as “ellie.191” reportedly support those claims. The leak includes Suno source code from 2023 and 2024, along with instructions for scraping audio from:
- YouTube Music
- Deezer
- Genius
- Pond5
- Jamendo
- Freesound
- International Music Score Library Project (IMSLP)
Other leaked code reportedly indicates that Suno used Bright Data to scrape music from YouTube, and appears to show the company searching for a cappella versions of songs to obtain vocal-only audio.
One YouTube Music file says Suno had collected 2,013,545 YouTube Music clips when it was last updated. Another file reportedly shows datasets containing hundreds of thousands of hours of YouTube Music, thousands of hours from Deezer, Genius, IMSLP, Jamendo, and Pond5, plus hundreds of hours from Freesound and MuseScore lyrics. Additional code also suggests Suno aimed to download roughly one million hours of podcasts using PodcastIndex.

Recommended reading
Mira Murati’s lab unveils Inkling, a 975B open model
“As we have stated in public filings and disclosures, Suno’s AI models have been trained on publicly available music files and related metadata accessible on third-party websites on the open Internet,” an unnamed Suno spokesperson told 404 Media.
Customer data exposed in the breach
The hacker also accessed Suno customer information, including email addresses, phone numbers, and Stripe payment details, according to 404 Media. Some customers contacted by the outlet confirmed they had used Suno and said the company never told them about a security incident.
Suno told 404 Media it became aware of the breach in November 2025 and said it contained the incident quickly.
“At the time, we immediately conducted an investigation and verified that the incident primarily involved outdated source code that is no longer in use at Suno and that no sensitive personal information was compromised. Importantly, Suno does not have access to customers' full credit card numbers in Stripe,” the spokesperson said. “Based on the limited nature of the customer information believed to be involved, we determined that individual notifications were not warranted under applicable privacy laws.”
AI Editor
Ava covers the rapidly evolving world of artificial intelligence, from foundational models and research labs to the real-world economics of intelligence. With a background in computational linguistics, she cuts through the hype to find out what actually works. She firmly believes that benchmarks are just marketing until reproduced in the wild.
via The Verge


