Leaks Reveal Suno Fed Thousands of Hours of Deezer, YouTube and Pond5 Data Into Its AI
A hacker broke into AI music platform Suno and walked out with source code that documents, in precise detail, exactly where the company's training data came from.
The breach was first reported by 404 Media, which reviewed the leaked files. It confirms what the music industry had been saying in courts since 2024.
The intruder claims to have used a piece of malware called the Shai-Hulud worm---named after the enormous sandworms in Frank Herbert's Dune. Suno, one of the largest AI music generators online, lets users type a text description and receive a full song in seconds; building that capability required a substantial training dataset---a collection of audio files used to teach the model what different genres and styles sound like.
The leaked material consists of scraping instructions and internal logs from 2023 and 2024, offering a rare look at how those pipelines are actually assembled.
The dataset breakdown is specific. According to internal file comments reviewed by 404 Media, the training library included 113,879 hours of YouTube Music, 152,162 hours of tagged YouTube tracks, 62,117 hours from stock music library Pond5, 12,287 hours from Deezer, and 17,615 hours in a dataset labeled genius_hq, associated with material collected through Genius. The code also documented plans to download roughly 1 million hours of podcast audio via RSS feeds.
One internal file tracking YouTube Music ingestion alone logged 2,013,545 music clips. That's millions of recordings covering decades of audio---and the appetite wasn't limited to music.
The hacker claimed to have accessed records associated with hundreds of thousands of customers, including emails, phone numbers, and Stripe-related information. Suno disputes that sensitive personal information was compromised.
The company says it identified the incident in November 2025 and called it "limited." Suno determined the exposure primarily involved outdated source code no longer in use and concluded that individual customer notifications weren't required under applicable privacy laws. Users are only finding that out now, through news coverage.
Here's the thing: Suno had already told anyone willing to read its own website that something like this was happening. Under California's AB 2013 law---which requires AI companies to disclose their training practices---the company publicly acknowledged that its training data may include music "subject to intellectual property protection," and listed the corpus at tens of millions of publicly available music audio files. What the hack adds is specificity: The legal filing was vague by design, and the leaked code is not.
The scope of AI music training was already becoming clear before anyone breached anything. In June 2026, The Atlantic published four searchable databases documenting music used to train AI models---one containing 12 million tracks, another with 9 million, and two more with around 100,000 each. You could look up your favorite artist before a hacker handed anyone source code.
The Recording Industry Association of America had alleged in a 2025 amendment to its original 2024 lawsuit against Suno that the company was ripping songs directly from YouTube---an accusation Suno contested under a fair use defense. The suit sought $150,000 per infringement incident. The hacked source code corroborates the RIAA's central allegation.
Udio, which was targeted in a parallel lawsuit filed by the same major-label coalition, settled with Warner Music in November 2025 and is now transitioning to a licensed platform. Suno's case with Sony and UMG remains active in federal court; the company's valuation sits at $5.4 billion with around 100 million users on the platform.
Suno did not immediately respond to a request for comment by Decrypt.
Disclaimer: This content is provided for general branding and informational purposes only and doesn't constitute financial, investment, legal, or tax advice. Any events, rewards, online events, or related information mentioned herein should not be considered a recommendation, solicitation, or invitation to purchase, sell, trade, or otherwise deal in any crypto assets or to use any services. Crypto assets are highly volatile and may result in loss. WEEX services and online events may not be available in all regions and are subject to applicable laws, regulations, and eligibility requirements. You are responsible for ensuring that your use of WEEX services complies with local laws and for carefully assessing the risks before participating in any crypto-related activities.
You may also like

The Cost of DeFi Popularization: Understanding Aave Stable Vaults' Profit Distribution and Hidden Risks

NEAR Deep Investment Value Analysis: Reassessing Value from Underlying Architecture Evolution to Full-Chain AI Operating System

Bitcoin’s anti-spam fight gets a 'DOG Mode' reply
![[Market Analysis] One in Thirty Adults in Korea Estimated to Face Margin Calls Amid KOSPI Plunge](/public-static/32_e2da91fed2.png?format=avif)
[Market Analysis] One in Thirty Adults in Korea Estimated to Face Margin Calls Amid KOSPI Plunge

Russian Duma Panel Rejects Looser Crypto Bill Amendments

South Korea’s FSS to Monitor Margin Trading at Brokerages

Inclusion of Digital Assets in 1400 Trillion Won National Assets... Not a 'Korean Version of SBR' but a Management System Overhaul

Bitget UEX Daily Report | Fed's Hawkish Warning on Inflation Risks; Nasdaq Plummets Led by Storage Sector; Middle East Situation Drives Up Oil Prices (July 17, 2026)

A Critical Review of Base's 'Self-Criticism'

The Future of Prediction Markets and the Japanese Market: Insights from Limitless CEO at WebX2026

Monetizing the 'Presidential Effect'? Trump's Media Company Launches 'Tweet Preview' Privilege for Sale

How to Play Event Contracts? Comparison of 4 Popular Platforms

Netflix Disappoints in Q2 2026: What Explains the 8% Drop?

New Company to Permanently Hold Small Businesses and Accumulate Bitcoin, U.S. Orange Juice Established

20 Million Bitcoins Mined: Does Scarcity Redefine Monetary Sovereignty?

Peter Schiff: Bitcoin Could Fall to $20,000!

UK Convicts Gang That Stole £4 Million in Cryptocurrency Posing as Police Officers

A Solitary Bitcoin Mining Pool Boosts Its Hashrate and Mines Its Fourth Block

Bitcoin Q-Day Recovery Proposal Aims to Let Users Prove Ownership After Quantum Attack

Crypto: XRP Whales Reduce Their Activity on Binance According to CryptoQuant

Thank You Odysee! The Market Verdict on Freedom

Ethereum vs Hyperliquid: Whitepaper Comparison (2026)

Mira Murati Drops Her First AI Model After Leaving OpenAI—And It's Fully Open Source

Multi-Institutional Custody and the Quest for Security

Citadel Securities invests $400 million in Crypto.com at $20 billion valuation

MiCA - The Transition Ends as Reality Catches Up with the Text

Killing Bitcoin for $8 Billion: A Shocking Thesis Questioning the Reliability of Cryptocurrencies

Poverty in France: The Gap Widens Between Unemployed and Retirees

Liquidity Provider Focused on Asian Stocks Raises $35 Million, Completes Seed Round Financing











