Hack suggests AI music generator Suno scraped YouTube for training data A hacker accessed Suno's source code via a supply chain attack, revealing the AI music generator scraped decades of audio from YouTube Music, Deezer, Genius, stock music libraries, and podcast RSS feeds for training data. The breach also exposed customer emails, phone numbers, and partial credit card numbers. Suno faces lawsuits from major record labels alleging copyright infringement and DMCA violations. The AI music generator Suno was hacked, according to a report from 404 Media https://www.404media.co/hack-reveals-suno-ai-music-generator-scraped-youtube-deezer-and-genius/ . The hacker told the publication that they used a supply chain attack to access an employee’s credentials, allowing them to then access source code showing how Suno allegedly scraped decades of audio from YouTube Music, Deezer, Genius, stock music libraries, and podcast RSS feeds. Suno previously admitted https://help.suno.com/en/articles/9709569?ref=404media.co that it trains its AI on “publicly available music files” on the open internet, arguing that it can train on copyrighted material under the fair use doctrine, a subjective carve out of copyright law. But according to the major record labels actively suing https://techcrunch.com/2026/06/03/still-facing-copyright-lawsuits-ai-music-generator-suno-raises-another-400m/ Suno, it is illegal https://www.theverge.com/news/782448/riaa-suno-ai-lawsuit-update-stream-ripping-youtube?ref=404media.co under the Digital Millennium Copyright Act DMCA to deliberately circumvent YouTube’s protections against data scraping; it also violates YouTube’s terms of service. Udio https://www.musicbusinessworldwide.com/udio-admits-to-scraping-youtube-audio-for-ai-training-in-answer-to-sony-music-lawsuit/ , a competitor to Suno, has also been accused of scraping YouTube data. Google, the parent company of YouTube, faces similar allegations of copyright infringement https://techcrunch.com/2026/07/14/google-faces-another-ai-training-lawsuit-from-major-publishers/ from a variety of major book publishers. The hacker reportedly accessed customer data including customer emails, phone numbers https://bsky.app/profile/jasonkoebler.bsky.social/post/3mqovexnuj22h , and partial credit card numbers in Stripe. Suno did not notify customers about the November 2025 breach and claims that this was a “limited security incident that was quickly contained.”