A hack reveals how Suno trained its music AI with YouTube, Deezer and Genius

🕒 Published on Zendoric: July 17, 2026 · 00:24
A hacker who breached Suno's systems, one of the largest AI music generation tools, shared source code and internal documents with the outlet 404 Media detailing where and how the company obtained the material it used to train its models.
A hacker who breached the systems of Suno, one of the largest AI music-generation tools, shared with the outlet 404 Media source code and internal documents detailing where and how the company obtained the material used to train its models. According to this leak, Suno scraped millions of songs and lyrics from YouTube Music, Deezer and Genius, in addition to drawing on stock music libraries such as Pond5, Jamendo, Freesound and the International Music Score Library Project (IMSLP), and on podcasts obtained via RSS feeds.
The hacker also claimed to have accessed information on hundreds of thousands of Suno customers, as well as payment data handled through Stripe, though the article does not detail the exact scope of that second leak beyond mentioning it.
This news comes amid a delicate legal context for Suno, which has been sued on several occasions by the record industry, which accuses the company of having trained its models on millions of copyrighted songs. In the course of those lawsuits —one of which has already been resolved through a settlement—, Suno previously acknowledged that it trained its system on "essentially all files of reasonable quality music accessible on the open internet," which amounted to "tens of millions of recordings." The company's defense has rested on the fair-use argument to justify training on protected works.
What the leak newly contributes, according to 404 Media, is not so much the fact that Suno used protected material —something that had already become clear in the court proceedings—, but the concrete detail of the sources and the scale of that scraping. The Recording Industry Association of America (RIAA) had already accused Suno of pulling songs directly from YouTube, and the leaked data would confirm that practice.
The hacked material includes source code that, according to the article, appears to date from 2023 and 2024, with scraping instructions and comments on the scope of the data collection. One of the files, for example, indicates that the system pulled content from sources identified as "genius_hq, youtube_music, freesound, jamendo, imp, deezer, ytm_tagged," and that "non-musical" content was subsequently filtered out. A specific file called "youtube_music" indicated, as of the date of its last update, having ingested 2,013,545 music clips.
Another document details the volume in hours of the various datasets built by Suno: 113,879 hours of youtube_music, 17,615 hours of genius_hq, 410 hours of freesound, 19,514 hours of imslp, 3,726 hours of jamendo, 62,117 hours of pond5_music, 12,287 hours of deezer, 152,162 hours of ytm_tagged and 103 hours of musescore_lyrics. Together, this represents, according to the article itself, at least several decades of music.
Important note for the reader: the original 404 Media article is behind a paywall and the publicly accessible content cuts off just after listing these figures. In the available text there are no further details on how the hack occurred, what the attacker did with the payment and user data, or Suno's official response to this leak, so this summary is strictly limited to the information appearing in the free portion of the article.
🔗 Related on Zendoric
- Anthropic takes AI distillation to the Senate: when copying agentic capabilities becomes a matter of state · 2026-06-26
- Anthropic, both accuser and accused: the complaint against Alibaba lands amid a regulatory storm · 2026-06-26
- Europe courts Anthropic, but the numbers don't add up: why the Austrian offer reveals a deeper structural gap · 2026-06-29


