A security breach at Suno has leaked internal code confirming the AI music startup scraped over two million YouTube clips plus vast libraries from Deezer, Genius, Pond5 and others to train its models, directly supporting ongoing copyright claims by major labels.
🔥 Breach Details Surface
The hacker, operating under the handle ellie.???, accessed Suno's GitHub and cloud infrastructure via a supply-chain worm targeting an employee account. Shared exclusively with 404 Media, the files expose training datasets totaling 113,000+ hours from YouTube Music alone, 12,000 hours from Deezer, 17,000 hours of lyrics via Genius, and tens of thousands more from stock libraries and score sites.
Code comments detail proxy usage through Bright Data to bypass YouTube's rolling ciphers for stream-ripping, along with scripts hunting for acapellas and podcast RSS feeds. The leak also exposed contact and payment details for hundreds of thousands of Suno users, though the hacker claimed no financial data was compromised and deleted the cache post-breach in late 2025.
⚖️ Lawsuit Fuel Ignites
This evidence aligns precisely with allegations from the RIAA, Universal Music Group and Sony, who sued Suno for willful copyright infringement. The labels claim Suno ripped millions of tracks to build its dataset, circumventing technical protections. Potential statutory damages now exceed $9 billion across 61,000 identified works.
Suno has maintained it trained solely on "publicly available music files found on the open Internet." A spokesperson reiterated that position, but the leaked code provides prosecutors with internal proof of systematic scraping at scale. Music Business Worldwide reports the breach strengthens anti-circumvention claims under the DMCA, weakening fair use defenses.
Creators using Suno expressed mixed reactions on X. Some worry about platform stability or future access restrictions, while others see it as validation of long-suspected practices that devalue human artistry. Independent artists worry their tracks may have been included without consent or compensation.
🌐 Industry Ripple Effects
The incident highlights broader tensions in the AI music ecosystem. Similar questions swirl around Udio and other generators. Labels have settled with some players but appear dug in against Suno, which raised hundreds of millions in funding pre-lawsuit.
For working musicians and producers, the case underscores the need for transparent training data and potential licensing frameworks. Emerging tools may soon require verified, rights-cleared datasets, driving up costs but potentially creating new revenue streams via licensing deals.
Watch for court filings incorporating the leaked code. The breach arrives as regulators eye AI copyright rules, with the EU and US Congress considering bills that could reshape generative audio forever.
Bottom line: The Suno leak hands labels powerful evidence in billion-dollar lawsuits, accelerating industry reckoning over unlicensed training data and forcing platforms toward ethical sourcing.
DRULES AI