Leaks Reveal Suno Fed Thousands of Hours of Deezer, YouTube and Pond5 Data Into Its AI
A hacker broke into AI music platform Suno and walked out with source code that documents, in precise detail, exactly where the company's training data came from.
The breach was first reported by 404 Media, which reviewed the leaked files. It confirms what the music industry had been saying in courts since 2024.
The intruder claims to have used a piece of malware called the Shai-Hulud worm---named after the enormous sandworms in Frank Herbert's Dune. Suno, one of the largest AI music generators online, lets users type a text description and receive a full song in seconds; building that capability required a substantial training dataset---a collection of audio files used to teach the model what different genres and styles sound like.
The leaked material consists of scraping instructions and internal logs from 2023 and 2024, offering a rare look at how those pipelines are actually assembled.
The dataset breakdown is specific. According to internal file comments reviewed by 404 Media, the training library included 113,879 hours of YouTube Music, 152,162 hours of tagged YouTube tracks, 62,117 hours from stock music library Pond5, 12,287 hours from Deezer, and 17,615 hours in a dataset labeled genius_hq, associated with material collected through Genius. The code also documented plans to download roughly 1 million hours of podcast audio via RSS feeds.
One internal file tracking YouTube Music ingestion alone logged 2,013,545 music clips. That's millions of recordings covering decades of audio---and the appetite wasn't limited to music.
The hacker claimed to have accessed records associated with hundreds of thousands of customers, including emails, phone numbers, and Stripe-related information. Suno disputes that sensitive personal information was compromised.
The company says it identified the incident in November 2025 and called it "limited." Suno determined the exposure primarily involved outdated source code no longer in use and concluded that individual customer notifications weren't required under applicable privacy laws. Users are only finding that out now, through news coverage.
Here's the thing: Suno had already told anyone willing to read its own website that something like this was happening. Under California's AB 2013 law---which requires AI companies to disclose their training practices---the company publicly acknowledged that its training data may include music "subject to intellectual property protection," and listed the corpus at tens of millions of publicly available music audio files. What the hack adds is specificity: The legal filing was vague by design, and the leaked code is not.
The scope of AI music training was already becoming clear before anyone breached anything. In June 2026, The Atlantic published four searchable databases documenting music used to train AI models---one containing 12 million tracks, another with 9 million, and two more with around 100,000 each. You could look up your favorite artist before a hacker handed anyone source code.
The Recording Industry Association of America had alleged in a 2025 amendment to its original 2024 lawsuit against Suno that the company was ripping songs directly from YouTube---an accusation Suno contested under a fair use defense. The suit sought $150,000 per infringement incident. The hacked source code corroborates the RIAA's central allegation.
Udio, which was targeted in a parallel lawsuit filed by the same major-label coalition, settled with Warner Music in November 2025 and is now transitioning to a licensed platform. Suno's case with Sony and UMG remains active in federal court; the company's valuation sits at $5.4 billion with around 100 million users on the platform.
Suno did not immediately respond to a request for comment by Decrypt.
Disclaimer: This content is provided for general branding and informational purposes only and doesn't constitute financial, investment, legal, or tax advice. Any events, rewards, online events, or related information mentioned herein should not be considered a recommendation, solicitation, or invitation to purchase, sell, trade, or otherwise deal in any crypto assets or to use any services. Crypto assets are highly volatile and may result in loss. WEEX services and online events may not be available in all regions and are subject to applicable laws, regulations, and eligibility requirements. You are responsible for ensuring that your use of WEEX services complies with local laws and for carefully assessing the risks before participating in any crypto-related activities.
You may also like

Netflix Disappoints in Q2 2026: What Explains the 8% Drop?

New Company to Permanently Hold Small Businesses and Accumulate Bitcoin, U.S. Orange Juice Established

20 Million Bitcoins Mined: Does Scarcity Redefine Monetary Sovereignty?

Peter Schiff: Bitcoin Could Fall to $20,000!

UK Convicts Gang That Stole £4 Million in Cryptocurrency Posing as Police Officers

A Solitary Bitcoin Mining Pool Boosts Its Hashrate and Mines Its Fourth Block

Bitcoin Q-Day Recovery Proposal Aims to Let Users Prove Ownership After Quantum Attack

Crypto: XRP Whales Reduce Their Activity on Binance According to CryptoQuant

Thank You Odysee! The Market Verdict on Freedom

Ethereum vs Hyperliquid: Whitepaper Comparison (2026)

Mira Murati Drops Her First AI Model After Leaving OpenAI—And It's Fully Open Source

Multi-Institutional Custody and the Quest for Security

Citadel Securities invests $400 million in Crypto.com at $20 billion valuation

MiCA - The Transition Ends as Reality Catches Up with the Text

Killing Bitcoin for $8 Billion: A Shocking Thesis Questioning the Reliability of Cryptocurrencies

Poverty in France: The Gap Widens Between Unemployed and Retirees

Liquidity Provider Focused on Asian Stocks Raises $35 Million, Completes Seed Round Financing

Apple Intelligence in China: What Changes with Alibaba and Baidu

Nobody needed exchanges to begin with

Morgan Stanley ETFs: Wall Street Validates Digital Sovereignty

Crypto for Advisors: Strengthening defenses against AI fraud

There is now more stability in the Bitcoin market, says Larry Fink

Trump Imposes Tariffs on Brazilian Imports, Predicts Spread to Over 80 Countries

Using an iPhone as Crypto Wallet? ZachXBT and Roman Storm Weigh In

Trump to Directly Negotiate 'Ethics Clause'... Last-Minute Attempt to Finalize CLARITY Act in Senate

The Crypto Industry Needs to Integrate 'Belief Builders' and 'Speculative Traffic'

XRP Ledger Reaches 8 Million Accounts with Token Down 70%

OpenAI Unveils GPT-Red, an AI That Attacks Its Own Models to Strengthen Them

Ledger unveils hardware-backed Agent Stack to prevent rogue AI transactions











