Suno, the AI-powered music generation platform, has been hacked. The attack exposed source code and customer data, according to 404 Media. The hacker accessed information detailing Suno's training data scraping practices, which include collecting music and lyrics from YouTube Music, Deezer, and Genius.
The breach targeted GitHub and cloud service credentials
The hacker claimed to have infected a Suno employee with a worm to steal credentials for GitHub and cloud services. Along with scraping details, the attacker obtained a customer list containing hundreds of thousands of names, email addresses, and phone numbers. Suno confirmed the incident, which occurred in November 2025, stating it was quickly contained and that no sensitive personal information was compromised.
Sponsored Protocol
Music scraping practices come under renewed scrutiny
It has been an open secret that AI companies use copyrighted music for training. Suno itself admitted in a US court to scraping "tens of millions of recordings" from the internet, arguing fair use. The 404 Media report adds that Suno may have used proxy services to scrape songs from YouTube, including acapella versions, and RSS feeds for podcasts. The company faces a copyright lawsuit from record labels, though Warner Music Group dropped out after reaching a licensing deal.
Sponsored Protocol
Suno downplays damage but data leak raises legal risks
A Suno spokesperson said the incident primarily involved outdated source code and that the company does not store full credit card numbers, which are handled by Stripe. Nonetheless, the leak of scraping details could fuel further legal action. For more on AI regulation, see the Wikipedia entry on generative artificial intelligence. Also read about EU exemptions for smartwatches related to tech policy.