# Suno Breached via Shai-Hulud Worm, Leaked Code Exposes AI Music Scraping

> Source: <https://socket.dev/blog/suno-breach-shai-hulud-worm?utm_medium=feed>
> Published: 2026-07-16 15:34:49+00:00

Leaked source code shows how AI music generator Suno scraped YouTube, Deezer, and Genius to train its models. The breach that exposed it started with a Shai-Hulud infection, according to a scoop from 404 Media.

A threat actor using the handle ellie.191 told [404 Media](https://www.404media.co/hack-reveals-suno-ai-music-generator-scraped-youtube-deezer-and-genius/) they breached Suno by compromising a single employee with the Shai-Hulud worm, then used the harvested GitHub and cloud credentials to reach the company's source code, customer list, and Stripe payment data.

The downstream impact of Shai-Hulud is still coming to light months after the worm's first waves. The campaign exposed secrets from tens of thousands of GitHub repositories, and the Suno breach is the latest to surface.

## The leaked code documents Suno's scraping[#](#The-leaked-code-documents-Suno's-scraping)

The leaked source code and dataset comments describe scraping from YouTube Music, Deezer, Genius, Pond5, Jamendo, Freesound, and the International Music Score Library Project, plus roughly a million hours of podcasts identified through PodcastIndex. The code confirms the RIAA's claim that Suno stream-ripped tracks from YouTube and shows Suno routing that scraping through proxies from Bright Data. [404 Media](https://www.404media.co/hack-reveals-suno-ai-music-generator-scraped-youtube-deezer-and-genius/) published the dataset figures and file-level detail.

## Shai-Hulud harvested the credentials behind the breach[#](#Shai-Hulud-harvested-the-credentials-behind-the-breach)

Shai-Hulud harvests GitHub and cloud service credentials from developer machines and CI environments, so compromising one employee was enough to reach Suno's internal systems. It exfiltrates what it steals to a public GitHub repository under the victim's own account, which leaves the credentials publicly accessible. What 404 Media does not establish is ellie.191's role. They may have been part of the campaign that planted the trojanized packages, or they may have found the Suno employee's exfiltrated credentials in that public repository and used them to gain unauthorized access to the company's code and systems. The second fits how the hacker described themselves, with no specific reason for targeting Suno and a stated habit of hacking "anything and everything."

Either way, the worm turned a single infected developer machine into a public dump of Suno's corporate credentials. ellie.191 gave 404 Media a sample of customer records, and some of those customers confirmed the data was theirs and said Suno never notified them of a breach.

Suno confirmed a security incident in a statement to 404 Media, dating it to November 2025 and describing it as limited and quickly contained. The company said the incident primarily involved outdated source code and that it does not store full credit card numbers in Stripe. The reported November timing lines up with [Shai-Hulud's second wave](https://socket.dev/blog/shai-hulud-strikes-again-v2), which spread across npm in late November and added a destructive fallback that wipes home directories when it can't exfiltrate.

Shai-Hulud spreads by republishing malicious versions of any packages the stolen npm and GitHub accounts can reach. The [first wave](https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages) compromised dozens of packages in September 2025 and [reached CrowdStrike's](https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages) packages within weeks. [SANDWORM_MODE](https://socket.dev/blog/sandworm-mode-npm-worm-ai-toolchain-poisoning) added AI toolchain poisoning in February 2026. Another variant, [Mini Shai-Hulud](https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack), hit npm, PyPI, and [Packagist](https://socket.dev/blog/mini-shai-hulud-packagist-malicious-intercom-php-package-compromise) in April and May 2026.
