AI music generator Suno has been hacked, detailing the data scraping of millions of songs from YouTube, Deezer, and Genius
According to 404 Media, a hacker has breached the company database of Suno, an online AI music generation tool. The hack is said to reveal multiple references to the training data it scraped from YouTube Music, Deezer, Genius, and others.Suno has previously admitted that its tool was trained on "essentially all music f...
According to 404 Media, a hacker has breached the company database of Suno, an online AI music generation tool. The hack is said to reveal multiple references to the training data it scraped from YouTube Music, Deezer, Genius, and others.
Suno has previously admitted that its tool was trained on "essentially all music files of reasonable quality that are accessible on the open internet" as part of court proceedings back in 2024.
The company has argued that it's allowed to train on copyrighted works under fair use protections, while the Recording Industry of America has accused it of unlawfully scraping tracks from YouTube specifically, among other complaints.
And looking at the details, it appears YouTube Music was indeed a primary target. A file entitled "youtube_music" reportedly contains a note that over two million music clips were scraped, while another dataset file notes a figure of "113,879 hours of youtube_music." Alongside "17,615 hours of genius_hq," "12,287 hours of Deezer", and "152,162 hours of ytm_tagged."
These figures, among others, amount to at least a decades worth of music ingested by Suno. The code also suggests that Suno used third-party proxies to scrape songs and other audio media, with PodcastIndex, an open online tool that creates lists of podcast media files, used to identify hundreds of thousand of different podcasts for potential scraping.
A Suno spokesperson said: "As we have stated in public filings and disclosures, Suno’s AI models have been trained on publicly available music files and related metadata accessible on third-party websites on the open internet."
"In November of 2025, we determined that Suno had been the subject of a limited security incident that was quickly contained," the statement continues. "At the time, we immediately conducted an investigation and verified that the incident primarily involved outdated source code that is no longer in use at Suno, and that no sensitive personal information was compromised."
The fair use argument has been made in relation to AI training data before. In June of last year, a US judge ruled that Anthropic's use of copyrighted content to train its AI models fell under fair use protections, but stopped short in regards to claims it used pirated material.
Meta won a similar case later that month, after a judge ruled in favour of the company over claims it trained its AI tools on 13 authors' books without permission.
All of which is to say, there's precedent to suggest this data-scraping behaviour is acceptable under US law. For Suno's part, the company has argued that its tool outputs songs that are significantly different from original works .
"We believe artists deserve both new opportunities and strong protections," a company spokesperson told 404. "That's why we've invested in safeguards designed to help prevent impersonation, and other forms of misuse, while continuing to develop technologies for AI identification."
As for those in the music industry, there is widespread concern around platforms like Suno—and AI's influence on music as a whole. Speaking to The Guardian, Catherine Anne Davies, a musician on the board of directors for the Featured Artists Coalition, said: "Most people don’t even want their work to be used for training AI.
"I’m interested in the way that AI can be assistive in the creative process—if it can make us more efficient, if it can streamline our processes. But generative AI for me, in terms of creative output, is a big no-no at the moment. I’m yet to be convinced"
Original reporting appears on the publisher’s site.
Open original article →