Hack uncovers Suno’s alleged music scraping operation spanning YouTube, Deezer, and Genius – Firstpost | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker


Suno, an AI music generation platform, allegedly scraped millions of songs and lyrics from YouTube Music, Deezer, Genius, and several stock music libraries, according to information revealed by a hacker who reportedly breached the company.

The hacker shared details of the alleged breach with 404 Media, claiming to have accessed information belonging to hundreds of thousands of Suno customers, including customer records and Stripe payment details.

Suno is already the subject of several major lawsuits filed by the music industry, which accuses the company of training its AI models on millions of copyrighted songs. While those lawsuits alleged that Suno relied heavily on copyrighted material, the hacked data shared with 404 Media reportedly provides new details on how the platform scraped the content and the sources it allegedly used.

STORY CONTINUES BELOW THIS AD

According to 404 Media, the leaked material includes source code from 2023 and 2024, containing scraping instructions and information outlining the scope of at least some of the company’s alleged data collection activities.

The leaked code reportedly targeted song vocals by searching for a cappella versions of tracks. It also suggests that Suno used proxy infrastructure to scrape content from YouTube through Bright Data, a company that sells web scraping tools, infrastructure, and data services. Additional code reportedly shows that, using an online service called Podcast Index, Suno identified more than 420,000 podcasts for potential data collection.

How hackers allegedly gained access

According to the report, the attackers gained access by compromising a Suno employee through the Sahil Hulud worm, a supply chain attack that allegedly enabled them to harvest GitHub and cloud service credentials.

The hackers claimed they also accessed Suno’s customer database, which reportedly contained customer email addresses and/or phone numbers, along with Stripe payment information, depending on the login method used by individual users.

Suno is not the only AI music company facing scrutiny. Its rival Udio has also been accused of scraping content from YouTube. Meanwhile, Google, YouTube’s parent company, is facing separate copyright infringement allegations from several major book publishers over its AI training practices.

STORY CONTINUES BELOW THIS AD

According to 404 Media, Suno did not notify customers about the November 2025 breach and instead described it as “a limited security incident that was quickly contained.”



Click Here For The Original Source.

——————————————————–

..........

.

.

National Cyber Security

FREE
VIEW