A hacker slipped into Suno last November. What the intruder found and later handed over to reporters has cracked open the black box around one of the music world’s most talked-about startups. Source code from 2023 and 2024 showed the company systematically pulled audio from YouTube Music, Deezer, Genius and a string of stock libraries and podcast feeds. The numbers add up fast. Over 113,000 hours from YouTube Music alone. Another 62,000 from Pond5. Tens of thousands more from Deezer, Genius and the International Music Score Library Project. In total, decades of sound.
The details come from 404 Media. The hacker, operating under the name ellie.191, used a supply-chain attack. It netted an employee’s credentials and opened the door to internal files. One note in the code listed sources to harvest: “genius_hq, youtube_music, freesound, jamendo, imp, deezer, ytm_tagged.” Non-music tracks would be filtered out. Another file recorded that Suno had already ingested 2,013,545 clips from YouTube Music at the time it was last updated.
But the hack went further. Leaked materials indicated Suno turned to a third-party service called Bright Data to scrape YouTube. The code suggested the company hunted specifically for a cappella versions of tracks. The goal was clear. Gather clean vocal data to train its models on singing. Podcast RSS feeds and services like PodcastIndex were targeted too, with plans to pull roughly one million hours of speech. And customer records for hundreds of thousands of users surfaced as well. Emails, phone numbers and partial Stripe payment details sat exposed.
Suno moved quickly once it learned of the breach. “We immediately conducted an investigation and verified that the incident primarily involved outdated source code that is no longer in use at Suno and that no sensitive personal information was compromised,” a company spokesperson told reporters. Full credit card numbers were never accessible through Stripe, the firm added. Individual notifications were not required under privacy rules. The breach was contained. Yet the training data revelations land at a delicate moment.
The recording industry has sued Suno and rival Udio, accusing both of copyright infringement on a massive scale. The RIAA claims the companies engaged in “stream ripping” from YouTube, a practice that violates the platform’s terms and the Digital Millennium Copyright Act. Court filings show Suno previously admitted it trained on “essentially all music files of reasonable quality accessible on the open internet.” That admission, combined with the fresh technical evidence, gives plaintiffs fresh ammunition. One suit has settled. Warner Music Group struck a licensing deal with Suno late last year and dropped its claims. Others continue.
Yet Suno has raised money at a blistering pace. A $400 million Series D round in June valued the company at $5.4 billion, according to TechCrunch. Investors appear undeterred by the litigation. The startup’s tools let anyone generate full songs from text prompts. Its latest models produce vocals that sound increasingly human. Tracks created on the platform have already charted. Some artists have signed real record deals off AI-generated material. The tension is obvious. The same technology that excites creators risks displacing them.
The leaked code paints a picture of aggressive data collection. Files reference 17,615 hours from Genius HQ. Over 12,000 from Deezer. More than 19,000 from the IMSLP. Pond5 contributed 62,117 hours of music. Even smaller sources like Freesound added hundreds of hours. The company layered these datasets into training runs that filtered, tagged and processed the material at scale. Comments in the code make the intent plain. Pull the audio. Strip what isn’t music. Feed the model.
Industry watchers have long suspected such practices. The new reporting from The Verge and The Next Web confirms many of those suspicions with technical precision. Suno has maintained it trains only on publicly available files and avoids using artist names in metadata to prevent direct copying. Its policy promotes “original creation, by design.” But the distinction between inspiration and infringement remains hotly contested in court. Fair use arguments that worked for earlier AI image generators face steeper tests when applied to commercial music.
Artists on both sides of the debate have weighed in. Some see Suno as a tool that democratizes production. Others view it as theft on an industrial scale. The hack adds concrete evidence to the latter camp’s arguments. It shows exactly which platforms were targeted and in what volumes. It reveals the technical steps taken to bypass protections and gather clean vocal stems. And it underscores how much data was required to reach today’s performance levels. Models need vast libraries to learn melody, harmony, structure and timbre.
So what happens next? The ongoing lawsuits could force clearer rules around training data. Settlements might include licensing agreements that retroactively compensate rights holders. Or courts could draw new lines on fair use for generative AI. In the meantime Suno keeps shipping updates. Its v5.5 model added features for custom voices and taste profiles. Users generate more songs than ever. Some of that output ends up on streaming services, social platforms and even Billboard charts.
The music business has absorbed technological shocks before. Radio, cassettes, Napster, streaming. Each time the industry adapted, consolidated and found new revenue streams. This shift feels different. The barrier to creation has collapsed. Anyone with a prompt can produce radio-ready tracks. The data that makes it possible was scraped from the very catalogs now under legal protection. The hack has made that contradiction impossible to ignore.
Labels, artists and technologists will keep fighting over the rules. Suno will keep iterating. And listeners will keep encountering AI songs that sound a little too real. The question is no longer whether these systems were trained on existing music. The files make that plain. The harder question is what society decides to do about it.


WebProNews is an iEntry Publication