This post was originally published on this site.

The AI music generator Suno was hacked, according to a report from 404 Media.
The hacker told the publication that they used a supply chain attack to access an employee’s credentials, allowing them to then access source code showing how Suno allegedly scraped decades of audio from YouTube Music, Deezer, Genius, stock music libraries, and podcast RSS feeds.
Suno previously admitted that it trains its AI on “publicly available music files” on the open internet, arguing that it can train on copyrighted material under the fair use doctrine, a subjective carve out of copyright law. But according to the major record labels actively suing Suno, it is illegal under the Digital Millennium Copyright Act (DMCA) to deliberately circumvent YouTube’s protections against data scraping; it also violates YouTube’s terms of service.
Udio, a competitor to Suno, has also been accused of scraping YouTube data. Google, the parent company of YouTube, faces similar allegations of copyright infringement from a variety of major book publishers.
The hacker reportedly accessed customer data including customer emails, phone numbers, and partial credit card numbers in Stripe.
Suno did not notify customers about the November 2025 breach and claims that this was a “limited security incident that was quickly contained.”



