cd /news/artificial-intelligence/suno-breached-via-shai-hulud-worm-le… · home topics artificial-intelligence article
[ARTICLE · art-62540] src=socket.dev ↗ pub= topic=artificial-intelligence verified=true sentiment=↓ negative

Suno Breached via Shai-Hulud Worm, Leaked Code Exposes AI Music Scraping

A hacker using the handle ellie.191 breached AI music generator Suno by infecting a single employee with the Shai-Hulud worm, stealing GitHub and cloud credentials to access source code, customer data, and Stripe payment information. Leaked code confirms Suno scraped YouTube, Deezer, and Genius to train its models, corroborating RIAA claims and exposing the company's data practices. Suno confirmed a limited security incident in November 2025 but did not notify affected customers.

read2 min views1 publishedJul 16, 2026
Suno Breached via Shai-Hulud Worm, Leaked Code Exposes AI Music Scraping
Image: Socket (auto-discovered)

Leaked source code shows how AI music generator Suno scraped YouTube, Deezer, and Genius to train its models. The breach that exposed it started with a Shai-Hulud infection, according to a scoop from 404 Media.

A threat actor using the handle ellie.191 told 404 Media they breached Suno by compromising a single employee with the Shai-Hulud worm, then used the harvested GitHub and cloud credentials to reach the company's source code, customer list, and Stripe payment data.

The downstream impact of Shai-Hulud is still coming to light months after the worm's first waves. The campaign exposed secrets from tens of thousands of GitHub repositories, and the Suno breach is the latest to surface.

The leaked code documents Suno's scraping# #

The leaked source code and dataset comments describe scraping from YouTube Music, Deezer, Genius, Pond5, Jamendo, Freesound, and the International Music Score Library Project, plus roughly a million hours of podcasts identified through PodcastIndex. The code confirms the RIAA's claim that Suno stream-ripped tracks from YouTube and shows Suno routing that scraping through proxies from Bright Data. 404 Media published the dataset figures and file-level detail.

Shai-Hulud harvested the credentials behind the breach# #

Shai-Hulud harvests GitHub and cloud service credentials from developer machines and CI environments, so compromising one employee was enough to reach Suno's internal systems. It exfiltrates what it steals to a public GitHub repository under the victim's own account, which leaves the credentials publicly accessible. What 404 Media does not establish is ellie.191's role. They may have been part of the campaign that planted the trojanized packages, or they may have found the Suno employee's exfiltrated credentials in that public repository and used them to gain unauthorized access to the company's code and systems. The second fits how the hacker described themselves, with no specific reason for targeting Suno and a stated habit of hacking "anything and everything."

Either way, the worm turned a single infected developer machine into a public dump of Suno's corporate credentials. ellie.191 gave 404 Media a sample of customer records, and some of those customers confirmed the data was theirs and said Suno never notified them of a breach.

Suno confirmed a security incident in a statement to 404 Media, dating it to November 2025 and describing it as limited and quickly contained. The company said the incident primarily involved outdated source code and that it does not store full credit card numbers in Stripe. The reported November timing lines up with Shai-Hulud's second wave, which spread across npm in late November and added a destructive fallback that wipes home directories when it can't exfiltrate.

Shai-Hulud spreads by republishing malicious versions of any packages the stolen npm and GitHub accounts can reach. The first wave compromised dozens of packages in September 2025 and reached CrowdStrike's packages within weeks. SANDWORM_MODE added AI toolchain poisoning in February 2026. Another variant, Mini Shai-Hulud, hit npm, PyPI, and Packagist in April and May 2026.

── more in #artificial-intelligence 4 stories · sorted by recency
── more on @suno 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/suno-breached-via-sh…] indexed:0 read:2min 2026-07-16 ·