cd /news/artificial-intelligence/hack-reveals-sunos-data-scraping-met… · home topics artificial-intelligence article
[ARTICLE · art-60951] src=cryptobriefing.com ↗ pub= topic=artificial-intelligence verified=true sentiment=↓ negative

Hack reveals Suno’s data scraping methods for AI music generation

A hacker breached AI music startup Suno via an npm supply-chain worm, exposing source code and customer data. The leak revealed that Suno scraped over 2 million audio clips from YouTube Music and tens of thousands of hours from Deezer, Genius, and Pond5 to train its AI models, intensifying existing copyright lawsuits from major music labels.

read2 min views1 publishedJul 15, 2026
Hack reveals Suno’s data scraping methods for AI music generation
Image: Cryptobriefing (auto-discovered)

A supply-chain worm gave a hacker access to Suno's source code, exposing how the $5.4 billion AI music startup scraped millions of audio clips from major platforms

Suno, the generative AI music startup valued at $5.4 billion, just had its entire playbook exposed. A hacker using the handle ellie.191 compromised the company through a supply-chain worm, accessing employee credentials that unlocked source code and customer data, and in the process, revealed exactly how Suno built its training datasets.

The leaked materials show Suno scraped over 2,013,545 music clips from YouTube Music alone, while logging tens of thousands of audio hours from platforms including Deezer, Genius, and Pond5. For a company already facing copyright lawsuits from major music labels, this is roughly the equivalent of getting caught with the receipts.

What the breach actually exposed #

The attack vector was a npm supply-chain worm called Shai-Hulud. It allowed the hacker to intercept employee credentials, which then provided access to Suno’s source code from 2023 through 2024.

The exfiltrated data wasn’t limited to code. Customer information, including emails, phone numbers, and payment details from Stripe, was also compromised. As of the reporting date by 404 Media on July 15, 2026, affected customers had not been notified of the breach.

The scraped audio data is where things get particularly uncomfortable for Suno. The leaked documents detail a massive ingestion pipeline that pulled 12,287 hours of audio from Deezer, 17,615 hours from Genius, and a staggering 62,117 hours from Pond5. Combined with the 2 million-plus clips from YouTube Music, this paints a picture of an AI training operation that was vacuuming up audio from every available source at industrial scale.

The hacker claimed no particular motive beyond the enjoyment of hacking.

This breach lands at the worst possible time for Suno. The company is already embroiled in copyright litigation from major music labels who allege unauthorized use of protected content to train AI models. Those lawsuits were filed based on suspicions about Suno’s training data. Now there’s documentary evidence.

Suno completed a fundraising round in June 2026, securing more than $400 million at a $5.4 billion post-money valuation.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our

Editorial Policy.

── more in #artificial-intelligence 4 stories · sorted by recency
── more on @suno 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/hack-reveals-sunos-d…] indexed:0 read:2min 2026-07-15 ·