According to a report from 404 Media, the AI music generator Suno has been hacked.
The hacker told the publication that he used a supply chain attack in November to gain access to employee credentials and then to source code showing how Suno collected decades of audio from YouTube Music, Deezer, Genius, stock music libraries, and podcast RSS feeds.
Suno previously acknowledged that it uses “publicly available music files” to train its AI on the open internet, and argued that it can train with copyrighted material under the fair use doctrine, a subjective carve-out in copyright law. But the major record labels that are aggressively suing Suno say intentionally circumventing YouTube’s protections against data scraping is illegal under the Digital Millennium Copyright Act (DMCA). This also violates YouTube’s Terms of Service.
Suno’s competitor Udio has also been accused of scraping YouTube data. YouTube’s parent company, Google, also faces similar copyright infringement claims from various major book publishers.
The hackers reportedly accessed customer data within Stripe, including some of the customers’ emails, phone numbers, and credit card numbers.
Suno did not notify customers about the November 2025 breach and claims it was a “limited security incident that was quickly contained.”
