Suno Hack Reveals Sources: YouTube Music, Deezer, Genius

Get the Tech newsletter
Daily tech — startups, AI labs, chips, the launches that shape the next decade. Free.
- Suno's source code instructions, exposed in a hack reported by 404 Media, directed scraping from "genius_hq, youtube_music, freesound, jamendo, imp, deezer" and stock music libraries, with instructions to filter out "non-music" content.
- Suno said the breach was "quickly contained" after being discovered in November 2025 and exposed only "outdated source code that is no longer in use," and the company chose not to notify its user base.
- The hacker also accessed Suno's customer list containing emails, phone numbers, and Stripe payment details, though Suno claims it does not retain full credit card numbers.
- Leaked dataset files quantified the scraped material: 2,013,545 music clips and 113,879 hours of YouTube Music, plus 17,615 hours from Genius, 12,287 hours from Deezer, and 19,514 hours from IMSLP.
- Universal Music Group, Sony Music Entertainment, and the RIAA have filed copyright infringement lawsuits against Suno over its training practices, with the hack providing rare internal evidence of the data sources at issue.
- Warner Music Group settled its lawsuit against Suno last year and is now jointly developing a new model of the music generator with the company.
- Suno maintains its training relied on publicly available files and is protected under fair use, and says it has built detection filters blocking prompts that reference specific artists, songs, or albums.
Why it matters: The hack hands plaintiffs in the pending UMG, Sony, and RIAA copyright suits concrete internal documentation of which platforms Suno scraped and how much data it ingested — the kind of evidence the source notes was previously scarce. Separately, Suno's decision not to notify users despite a hacker accessing customer emails, phone numbers, and Stripe payment details puts the company's data breach disclosure posture in question.
