Security

Suno Hack Exposes 2M+ Scraped YouTube Music Tracks

Leaked source code reveals the AI music generator pulled millions of songs from streaming platforms without permission, fueling ongoing copyright lawsuits.

Omega Editorial· July 15, 2026· 3 min read

A security breach at AI music generation company Suno has provided concrete evidence of the massive scale at which the platform scraped copyrighted music to train its models. According to 404 Media, which first reported the details, a hacker who breached Suno in November 2025 obtained source code revealing scraping instructions and quantified datasets from major streaming platforms.

The leaked code indicates Suno pulled approximately 2,013,545 music clips from YouTube Music alone. When measured by duration rather than file count, the datasets show 113,879 hours of music from YouTube Music, 17,615 hours from lyrics platform Genius, and 62,117 hours from stock music site Pond5. Additional sources included streaming service Deezer, Freesound, and the International Music Score Library Project.

What Suno says happened

A Suno spokesperson confirmed the breach to Gizmodo but characterized it as limited in scope. The company stated the incident "primarily involved outdated source code that is no longer in use at Suno" and was quickly contained. The breach also reportedly exposed customer email addresses, phone numbers, and Stripe payment details, though Suno maintains no full credit card numbers were compromised.

Suno did not notify affected customers individually, saying the limited nature of the exposed information did not warrant individual notifications under applicable privacy laws.

The fair use defense

Suno has consistently maintained that its scraping practices fall under fair use protections. The company acknowledged in legal filings that its training data "includes essentially all music files of reasonable quality that are accessible on the open internet." A spokesperson reiterated this position following the breach, stating the company trained on "publicly available music files and related metadata accessible on third-party websites."

The company emphasizes it does not use artist names as training metadata and has built filters to block prompts containing specific artist, song, or album names. However, these safeguards face scrutiny in ongoing litigation.

Legal challenges mount

Major record labels including Universal Music Group, Capitol Records, Atlantic Records, Warner Music, and Sony Music have sued Suno over its training practices. One lawsuit alleges that prompting "1954 rock and roll billy haley comets" produced output that directly copied Bill Haley's style and melody—undercutting Suno's claims about preventing replication of existing works.

The legal question of whether scraping copyrighted material for AI training constitutes fair use remains unresolved. Courts have issued split rulings on similar cases, leaving AI companies operating in a gray area.

Why it matters

The breach transforms abstract legal arguments about AI training data into concrete numbers. While Suno has been relatively transparent about scraping "essentially all music files" from the internet, the leaked code quantifies that claim: over 2 million tracks from a single platform. For artists and labels fighting generative AI companies in court, this data provides ammunition. For the AI industry, it illustrates the scale of unauthorized copying that underpins many commercial models—and the legal and reputational risks of building products before permission frameworks exist.

The details were first reported by 404 Media.

#suno#ai music generation#copyright infringement#data scraping#fair use#generative ai

This is an original analysis by the Omega editorial team. Source reporting: AI Watch.

Want systems like this working for your business?

Book a Call

More in Security

Security· 3 min read

xAI Sues User for Creating Child Sexual Content With Grok AI

Elon Musk's AI company takes legal action against a South Carolina man who allegedly circumvented safeguards to generate explicit deepfakes.

Via AI Watch · Jul 15, 2026
Security· 3 min read

Meta's NameTag Face Recognition: What Exists, What Doesn't

Executives insist the feature doesn't exist while simultaneously describing how it works, creating confusion over face recognition in Ray-Ban smart glasses.

Via WIRED · Jul 15, 2026
Security· 2 min read

Microsoft Security Chief Ousts Executives in AI Push

Leadership shakeup aims to accelerate artificial intelligence integration across the company's security operations.

Via AI Watch · Jul 15, 2026