Suno hack exposes alleged YouTube Music scraping

Get the Tech newsletter
Daily tech — startups, AI labs, chips, the launches that shape the next decade. Free.
- Suno was breached in November 2025 via a supply chain attack that yielded employee credentials, and a hacker told 404 Media the stolen source code shows the company allegedly scraped decades of audio from YouTube Music, Deezer, Genius, stock music libraries, and podcast RSS feeds.
- Suno has publicly acknowledged training on "publicly available music files" and argues the practice is protected by fair use, a position major record labels actively contest in lawsuits alleging violations of the DMCA and YouTube's terms of service.
- The hacker also accessed Stripe customer data, including emails, phone numbers, and partial credit card numbers, according to 404 Media's report.
- Suno did not notify affected customers about the breach and characterized the incident as a "limited security incident that was quickly contained."
- Udio, a Suno competitor, faces similar accusations of scraping YouTube data, and Google, YouTube's parent, is also fighting copyright infringement allegations from major book publishers.
Why it matters: The leaked source code gives record labels already suing Suno fresh evidence for their DMCA and fair use claims, potentially bolstering ongoing litigation. Suno's silence on the Stripe exposure leaves affected customers unaware their emails, phone numbers, and partial credit card numbers were compromised — a disclosure failure layered on top of an alleged scraping scheme.



