Suno Breached via Shai-Hulud Worm, Leaked Code Exposes AI Music Scraping A hacker using the handle ellie.191 breached AI music generator Suno by infecting a single employee with the Shai-Hulud worm, stealing GitHub and cloud credentials to access source code, customer data, and Stripe payment information. Leaked code confirms Suno scraped YouTube, Deezer, and Genius to train its models, corroborating RIAA claims and exposing the company's data practices. Suno confirmed a limited security incident in November 2025 but did not notify affected customers. Leaked source code shows how AI music generator Suno scraped YouTube, Deezer, and Genius to train its models. The breach that exposed it started with a Shai-Hulud infection, according to a scoop from 404 Media. A threat actor using the handle ellie.191 told 404 Media https://www.404media.co/hack-reveals-suno-ai-music-generator-scraped-youtube-deezer-and-genius/ they breached Suno by compromising a single employee with the Shai-Hulud worm, then used the harvested GitHub and cloud credentials to reach the company's source code, customer list, and Stripe payment data. The downstream impact of Shai-Hulud is still coming to light months after the worm's first waves. The campaign exposed secrets from tens of thousands of GitHub repositories, and the Suno breach is the latest to surface. The leaked code documents Suno's scraping The-leaked-code-documents-Suno's-scraping The leaked source code and dataset comments describe scraping from YouTube Music, Deezer, Genius, Pond5, Jamendo, Freesound, and the International Music Score Library Project, plus roughly a million hours of podcasts identified through PodcastIndex. The code confirms the RIAA's claim that Suno stream-ripped tracks from YouTube and shows Suno routing that scraping through proxies from Bright Data. 404 Media https://www.404media.co/hack-reveals-suno-ai-music-generator-scraped-youtube-deezer-and-genius/ published the dataset figures and file-level detail. Shai-Hulud harvested the credentials behind the breach Shai-Hulud-harvested-the-credentials-behind-the-breach Shai-Hulud harvests GitHub and cloud service credentials from developer machines and CI environments, so compromising one employee was enough to reach Suno's internal systems. It exfiltrates what it steals to a public GitHub repository under the victim's own account, which leaves the credentials publicly accessible. What 404 Media does not establish is ellie.191's role. They may have been part of the campaign that planted the trojanized packages, or they may have found the Suno employee's exfiltrated credentials in that public repository and used them to gain unauthorized access to the company's code and systems. The second fits how the hacker described themselves, with no specific reason for targeting Suno and a stated habit of hacking "anything and everything." Either way, the worm turned a single infected developer machine into a public dump of Suno's corporate credentials. ellie.191 gave 404 Media a sample of customer records, and some of those customers confirmed the data was theirs and said Suno never notified them of a breach. Suno confirmed a security incident in a statement to 404 Media, dating it to November 2025 and describing it as limited and quickly contained. The company said the incident primarily involved outdated source code and that it does not store full credit card numbers in Stripe. The reported November timing lines up with Shai-Hulud's second wave https://socket.dev/blog/shai-hulud-strikes-again-v2 , which spread across npm in late November and added a destructive fallback that wipes home directories when it can't exfiltrate. Shai-Hulud spreads by republishing malicious versions of any packages the stolen npm and GitHub accounts can reach. The first wave https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages compromised dozens of packages in September 2025 and reached CrowdStrike's https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages packages within weeks. SANDWORM MODE https://socket.dev/blog/sandworm-mode-npm-worm-ai-toolchain-poisoning added AI toolchain poisoning in February 2026. Another variant, Mini Shai-Hulud https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack , hit npm, PyPI, and Packagist https://socket.dev/blog/mini-shai-hulud-packagist-malicious-intercom-php-package-compromise in April and May 2026.