{"slug": "leaks-reveal-suno-fed-thousands-of-hours-of-deezer-youtube-and-pond5-data-into", "title": "Leaks Reveal Suno Fed Thousands of Hours of Deezer, YouTube and Pond5 Data Into Its AI", "summary": "A hacker breached AI music platform Suno using the Shai-Hulud worm and leaked source code revealing the company scraped over 113,000 hours from YouTube Music, 62,000 hours from Pond5, and 12,000 hours from Deezer to train its AI music generator. The breach also exposed customer emails, phone numbers, and Stripe payment data for hundreds of thousands of users, though Suno disputes the extent of the compromise. The leak confirms long-standing allegations by the music industry that Suno used copyrighted material without permission.", "body_md": "#### In brief\n\n- A hacker using the Shai-Hulud worm breached Suno in 2025 and leaked source code showing the platform scraped over 113,000 hours from YouTube Music, 62,000 from stock library Pond5, and 12,000 from Deezer, among other sources.\n- The same intrusion reached customer emails, phone numbers, and Stripe payment data for what the hacker describes as hundreds of thousands of users.\n- Suno's own California compliance disclosure had already acknowledged that its training data may include music \"subject to intellectual property protection\"\n\nA hacker broke into AI music platform Suno and walked out with source code that documents, in precise detail, exactly where the company's training data came from.\n\nThe breach was [first reported by 404 Media](https://www.404media.co/hack-reveals-suno-ai-music-generator-scraped-youtube-deezer-and-genius/), which reviewed the leaked files. It confirms what the music industry had been saying in courts since 2024.\n\nThe intruder claims to have used a piece of malware called the Shai-Hulud worm—named after the enormous sandworms in Frank Herbert's Dune. Suno, one of the largest AI music generators online, lets users type a text description and receive a full song in seconds; building that capability required a substantial training dataset—a collection of audio files used to teach the model what different genres and styles sound like.\n\nThe leaked material consists of scraping instructions and internal logs from 2023 and 2024, offering a rare look at how those pipelines are actually assembled.\n\nThe dataset breakdown is specific. According to internal file comments reviewed by *404 Media*, the training library included 113,879 hours of YouTube Music, 152,162 hours of tagged YouTube tracks, 62,117 hours from stock music library Pond5, 12,287 hours from Deezer, and 17,615 hours in a dataset labeled genius_hq, associated with material collected through Genius. The code also documented plans to download roughly 1 million hours of podcast audio via RSS feeds.\n\n‼️ BREAKING: A hacker breached AI music company Suno using the Shai-Hulud worm and released source code showing how its training set was built:\n\n- 113,879 hours of YouTube Music\n\n- 62,117 hours of Pond5\n\n- 12,287 hours of Deezer\n\n- plus Genius lyrics and a plan to download roughly…[pic.twitter.com/iSbM8EHeeQ]— International Cyber Digest (@IntCyberDigest)\n\n[July 16, 2026]\n\nOne internal file tracking YouTube Music ingestion alone logged 2,013,545 music clips. That's millions of recordings covering decades of audio—and the appetite wasn't limited to music.\n\nThe hacker claimed to have accessed records associated with hundreds of thousands of customers, including emails, phone numbers, and Stripe-related information. Suno disputes that sensitive personal information was compromised.\n\nThe company says it identified the incident in November 2025 and called it \"limited.\" Suno determined the exposure primarily involved outdated source code no longer in use and concluded that individual customer notifications weren't required under applicable privacy laws. Users are only finding that out now, through news coverage.\n\nHere's the thing: Suno had already told anyone willing to read its own website that something like this was happening. Under California's AB 2013 law—which requires AI companies to disclose their training practices—the company publicly [acknowledged](https://help.suno.com/en/articles/9709569) that its training data may include music \"subject to intellectual property protection,\" and listed the corpus at tens of millions of publicly available music audio files. What the hack adds is specificity: The legal filing was vague by design, and the leaked code is not.\n\nThe scope of AI music training was already becoming clear before anyone breached anything. In June 2026, *The Atlantic* [published four searchable databases](https://www.engadget.com/2194804/investigation-by-the-atlantic-reveals-many-millions-of-songs-used-for-ai-music-training/) documenting music used to train AI models—one containing 12 million tracks, another with 9 million, and two more with around 100,000 each. You could look up your favorite artist before a hacker handed anyone source code.\n\nThe Recording Industry Association of America had alleged in a 2025 amendment to its original [2024 lawsuit against Suno](https://decrypt.co/236809/ai-music-riaa-lawsuit-suno-udio-industry-copyright) that the company was ripping songs directly from YouTube—an accusation Suno contested under a fair use defense. The suit sought $150,000 per infringement incident. The hacked source code corroborates the RIAA's central allegation.\n\nUdio, which was targeted in a parallel lawsuit filed by the same major-label coalition, [settled with Warner Music](https://decrypt.co/349360/warner-music-moves-from-litigation-to-licensing-with-udio) in November 2025 and is now transitioning to a licensed platform. Suno's case with Sony and UMG remains active in federal court; the company's valuation sits at [$5.4 billion](https://suno.com/blog/series-d-announcement) with around 100 million users on the platform.\n\nSuno did not immediately respond to a request for comment by *Decrypt*.", "url": "https://wpnews.pro/news/leaks-reveal-suno-fed-thousands-of-hours-of-deezer-youtube-and-pond5-data-into", "canonical_source": "https://decrypt.co/373682/leaks-reveal-suno-fed-thousands-hours-deezer-youtube-pond5-data-ai", "published_at": "2026-07-16 21:01:03+00:00", "updated_at": "2026-07-16 21:07:30.590994+00:00", "lang": "en", "topics": ["artificial-intelligence", "ai-ethics", "ai-policy", "ai-products", "ai-infrastructure"], "entities": ["Suno", "YouTube Music", "Pond5", "Deezer", "Genius", "Stripe", "404 Media", "Shai-Hulud worm"], "alternates": {"html": "https://wpnews.pro/news/leaks-reveal-suno-fed-thousands-of-hours-of-deezer-youtube-and-pond5-data-into", "markdown": "https://wpnews.pro/news/leaks-reveal-suno-fed-thousands-of-hours-of-deezer-youtube-and-pond5-data-into.md", "text": "https://wpnews.pro/news/leaks-reveal-suno-fed-thousands-of-hours-of-deezer-youtube-and-pond5-data-into.txt", "jsonld": "https://wpnews.pro/news/leaks-reveal-suno-fed-thousands-of-hours-of-deezer-youtube-and-pond5-data-into.jsonld"}}