Skip to main content

Suno Source Code Leaked: Hacker Exposes Its Large-Scale Music Data Crawling

Suno Source Code Leaked: Hacker Exposes Its Large-Scale Music Data Crawling

Generative AI music platform Suno has suffered a major security breach, with internal source code and data collection logs leaked online. The leaked documents reveal that Suno used automated crawlers to scrape massive amounts of music, lyrics, and audio from platforms like YouTube Music, Deezer, and Genius to train its AI models.

According to reports, the incident occurred in late 2025. A hacker known as "ellie.191" gained access to Suno employee credentials through a supply chain attack and subsequently stole internal company files. One folder contained over 2 million YouTube video clips. The leaked data also shows that Suno's crawler system obtained more than 17,000 hours of lyric data from Genius, over 12,000 hours of song content from Deezer, and over 62,000 hours of audio material from Pond5. The code includes a filtering mechanism to exclude non-music files, ensuring the quality of training data.

Image

This leak could further escalate the copyright lawsuits Suno is already facing. The Recording Industry Association of America (RIAA) previously sued Suno on behalf of major labels like Universal Music, Sony Music, and Warner Music, accusing it of using copyrighted music without authorization to train its AI models. Suno had defended itself based on the "fair use" principle, arguing that publicly available internet data can be used for AI training. However, the data scraping process revealed in the leaked code may become key evidence for copyright holders.

In addition to source code, the hacker also obtained some user database information, including email addresses, phone numbers, and partial credit card metadata processed through Stripe. Suno described the incident as a "limited security event," involving some outdated code, and stated that no complete credit card numbers were leaked. As a result, the company did not proactively notify users.

As the sources of training data for AI companies come under increasing regulatory scrutiny, the Suno incident highlights the complex challenges in generative AI development, including data compliance, copyright licensing, and user privacy protection.

Key Points

  • Suno's internal source code was leaked, revealing large-scale scraping of music data from YouTube, Deezer, and Genius.
  • The hacker obtained over 2 million YouTube video clips and extensive audio/lyric data.
  • The leak could strengthen copyright lawsuits from major record labels.
  • User data including emails and partial credit card info was also exposed.
  • Suno claims it was a limited security event and did not notify users.