A hack into Suno's source code has revealed the AI music generator allegedly scraped decades of audio from YouTube Music, Deezer, and other platforms without permission.
The breach, which was discovered in November 2025, has raised concerns over copyright infringement and data protection. According to reports, the hacker used a supply chain attack to access an employee's credentials, allowing them to access source code showing how Suno allegedly scraped audio from various music libraries and RSS feeds.
Suno previously admitted that it trains its AI on publicly available music files, but the company's lawyers argue that this can be done under the fair use doctrine. However, major record labels are actively suing Suno for copyright infringement, claiming that the company deliberately circumvented YouTube's protections against data scraping and violated YouTube's terms of service.
The hack also revealed that Suno stored customer data, including emails, phone numbers, and partial credit card numbers, in Stripe.
Suno has claimed that the breach was a 'limited security incident that was quickly contained', but the company did not notify customers about the breach until it was reported by a hacker.
The incident highlights the need for stricter regulations on data protection and copyright infringement in the music industry.