Google - Data Breach
Executive Summary
A hacker breached AI music generator Suno and obtained source code revealing the company scraped millions of songs from YouTube Music, Deezer, Genius, and other platforms to train its AI models, along with customer records and Stripe payment information for hundreds of thousands of users. The leaked data confirms allegations in ongoing copyright lawsuits that Suno trained on copyrighted works without permission, showing it ingested over 2 million music clips from YouTube Music alone and hundr...
What Happened
In November 2025, a hacker breached AI music generator Suno and obtained source code from 2023-2024 revealing the company's training data sources and scraping methods. The leaked code showed Suno ingested over 2 million music clips from YouTube Music alone, plus tens of thousands of hours from Deezer, Genius, and other platforms. The hacker also accessed customer records and Stripe payment information for hundreds of thousands of Suno users. Suno confirmed the breach occurred but stated the exposed source code is outdated and no longer in use, and that full credit card numbers were not compromised.
Who Is Affected
Hundreds of thousands of Suno customers had their user information and Stripe payment details exposed in the breach. Additionally, millions of musicians and rights holders whose copyrighted works were scraped from YouTube Music, Deezer, Genius, and other platforms without authorization are indirectly affected, as the leak confirms their content was used for AI training without consent or compensation.
Why It Matters
This breach provides rare concrete evidence of exactly how AI companies build their models by scraping copyrighted material at massive scale from major platforms. The leak validates ongoing copyright infringement lawsuits against Suno and demonstrates that AI companies may be systematically harvesting protected creative works while simultaneously exposing paying customers' personal and financial data through inadequate security practices. The incident illustrates dual privacy and intellectual property risks inherent in generative AI development.
What You Should Do
If you have a Suno account, immediately check your bank and credit card statements for unauthorized charges and consider placing a fraud alert with credit bureaus. Change your Suno password and any other accounts where you used the same credentials. If you are a musician whose work appears on YouTube Music, Deezer, or Genius, consult with legal counsel about potential copyright claims, as this leak may provide evidence for litigation. Monitor your financial accounts regularly for suspicious activity in the coming months.
Summary generated from verified sources and reviewed before publication. How we summarize.