AI Music Generator Suno Hacked, YouTube Scraping Alleged
Original: Hack suggests AI music generator Suno scraped YouTube for training data
Why This Matters
The breach intensifies legal and ethical scrutiny over AI companies' data sourcing practices amid ongoing copyright litigation.
AI music generator Suno was hacked via a supply chain attack in November 2025, exposing source code allegedly showing it scraped audio from YouTube Music, Deezer, Genius, and podcast RSS feeds. Customer data including emails, phone numbers, and partial credit card numbers was also accessed.
According to a report by 404 Media, AI music generator Suno suffered a hack in November 2025 when an attacker used a supply chain attack to obtain an employee's credentials. The breach exposed source code that allegedly reveals Suno scraped decades of audio from YouTube Music, Deezer, Genius, stock music libraries, and podcast RSS feeds. Suno had previously acknowledged training on 'publicly available music files' on the open internet, citing fair use doctrine as justification. However, major record labels suing Suno argue that bypassing YouTube's anti-scraping protections violates the Digital Millennium Copyright Act (DMCA) and YouTube's terms of service. Competitor Udio faces similar allegations. Suno did not proactively notify customers about the breach and described it as a 'limited security incident that was quickly contained.' Customer data exposed included emails, phone numbers, and partial credit card numbers stored via Stripe. Google, YouTube's parent company, separately faces copyright infringement allegations from major book publishers over AI training data practices.