AI/TLDR

Suno · 2026-07-15 · major

Suno hacked — leak exposes customer data and reveals YouTube and Deezer music scraping

A November 2025 supply-chain attack on Suno exposed source code plus emails, phone numbers, and partial card data for hundreds of thousands of customers. The leaked code details music scraping from YouTube, Deezer, Genius, and podcasts.

Screenshot from Suno's leaked training-pipeline source code
404 Media

A supply-chain hack on Suno leaked customer data and, along with it, the sources it scraped to train.

Key specs

Customers exposedhundreds of thousands
You tube music scraped113,879 hours
Deezer scraped12,287 hours

Quick facts

CompanySuno
Breach dateNovember 2025
Disclosure date2026-07-15
Attack vectorSupply chain, employee credentials
Data exposedEmails, phone numbers, partial card numbers, source code
Reported by404 Media
Suno statement"Limited security incident that was quickly contained"

What is it?

Suno, the AI music generator behind hits like "BBL Drizzy," was compromised in November 2025 via a supply chain attack on an employee's credentials. The breach exposed source code from 2023 and 2024 plus emails, phone numbers, and partial credit card numbers for hundreds of thousands of customers. 404 Media reported the leak on 15 July 2026.

How does it work?

The stolen source code documents Suno's ingestion pipeline: hours-long tables that pulled 113,879 hours from YouTube Music, 62,117 hours from Pond5, 17,615 hours from Genius, 12,287 hours from Deezer, 19,514 hours from IMSLP, plus material from Jamendo, Freesound, MuseScore lyrics, and 420,000 podcasts. The pipeline searched, downloaded, tagged, and stored each clip for training runs.

Why does it matter?

The Suno leak matters for two audiences at once. Users get direct evidence their personal data was exposed and never disclosed. Record labels suing Suno now have specific numbers to argue that Suno bypassed YouTube's anti-scraping protections — the kind of evidence that turns a fair-use debate into a DMCA claim.

Who is it for?

Suno users, security teams, and lawyers tracking AI copyright cases

Frequently asked questions

How was Suno hacked?
Suno was compromised in November 2025 via a supply chain attack that stole an employee's credentials, giving the attacker access to internal systems including source code from 2023 and 2024. The breach only became public in July 2026 when 404 Media reported the leaked material.
What Suno customer data was exposed?
The Suno breach exposed customer emails, phone numbers, and partial credit card numbers stored in Stripe for hundreds of thousands of accounts. Suno did not notify customers about the November 2025 breach and has publicly described it as a "limited security incident that was quickly contained."
What did the leaked Suno source code reveal about training data?
The leaked code showed Suno's music-scraping pipeline pulled from YouTube Music (113,879 hours), Pond5 (62,117 hours), Genius (17,615 hours), Deezer (12,287 hours), IMSLP (19,514 hours), Jamendo, Freesound, and podcast RSS feeds. Suno's YouTube Music dataset alone contained 2,013,545 music clips.
Does the Suno leak affect the ongoing record-label lawsuit?
The record labels suing Suno argue that deliberately circumventing YouTube's anti-scraping protections violates the DMCA and YouTube's terms of service. Suno's public position is that training on "publicly available music files" on the open internet falls under fair use — a claim the leaked pipeline details now put on the record.

Try it

https://www.404media.co/hack-reveals-suno-ai-music-generator-scraped-youtube-deezer-and-genius/

Sources · 4 outlets

Tags

  • security
  • suno
  • ai-music
  • data-breach
  • supply-chain-attack
  • training-data
  • copyright
  • youtube
  • deezer

← All releases · Learn AI