Many users expressed outrage at Suno for alleged music theft and corruption exposed by the hack, wishing the company would be sued into bankruptcy or destroyed, while a few praised the reporting.
Based on 29 visible X reactions from 171 accounts; directional sample.
Ask a question below.
Published answers will appear here.
@jason_koebler Wow. Great work. Think there is a lot more to come and I just saw this https://www.musicbusinessworldwide.com/suno-is-building-toward-ipo-readiness/
8:01 AM · Jul 15, 2026@jason_koebler Suno is a terrible company and have awful humans working there. I am shocked they haven’t been sued out the ass yet
1:13 PM · Jul 15, 2026@jason_koebler Absolutely based, copyright is an illegitimate right anyway. I hope they pirate even more music to improve their technology
10:32 AM · Jul 15, 2026@Much8Less @jason_koebler I hope suno bankrupts tho
12:29 PM · Jul 15, 2026@jason_koebler Let’s hope they get sued into oblivion
10:56 AM · Jul 15, 2026Suno AI Data Breach Reveals Massive Scraping of Music, Lyrics, and Podcasts from YouTube, Deezer, Genius, and More A significant security incident at Suno, one of the leading AI-powered music generation platforms, has exposed detailed internal evidence of how the company built its training datasets by scraping enormous volumes of audio and text content from across the web. On July 15, 2026, independent tech news outlet 404 Media published a report based on source code and related files obtained from a hacker. The materials, dating primarily to 2023–2024, document systematic scraping operations that pulled hundreds of thousands of hours of music, lyrics, and podcasts. The Breach and the Hacker The hacker, operating under the pseudonym ellie.191, gained access through a supply chain attack on a Suno employee. They used the Shai-Hulud npm worm a self-propagating malware that targets the Node Package Manager ecosystem, harvesting credentials from GitHub, cloud services, and development environments.47 ellie.191 told 404 Media they had no targeted grudge against Suno, stating simply, “I like to hack anything and everything.” The hacker accessed Suno’s source code repositories and customer data (including emails, phone numbers used for sign-up, and Stripe payment details for hundreds of thousands of users, though Suno maintains it does not store full credit card numbers). Suno stated it discovered the limited security incident in November 2025, contained it quickly, and determined that primarily outdated source code (no longer in active use) was involved. The company did not notify users individually, citing the limited scope under applicable privacy laws. What the Leaked Code Revealed The internal files provide rare concrete details on Suno’s data ingestion pipelines. Key dataset statistics extracted from code comments include: •113,879 hours of YouTube Music content •152,162 hours of tagged YouTube Music (ytm_tagged) •2,013,545 music clips from YouTube Music (one file reference) •17,615 hours of Genius HQ lyrics •12,287 hours of Deezer •62,117 hours of Pond5 music •19,514 hours from the International Music Score Library Project (IMSLP) •3,726 hours from Jamendo •410 hours from Freesound •103 hours of MuseScore lyrics The code also references efforts to download roughly 1 million hours of podcasts using data from PodcastIndex, focusing on shows with multiple episodes. Scraping targeted YouTube (including searches for a cappella/vocal-only versions), used third-party proxy services like Bright Data, and included filters to exclude non-music content. Suno has previously acknowledged training on “essentially all music files of reasonable quality that are accessible on the open internet,” including tens of millions of recordings, and argued this constitutes fair use. Its official California training data disclosure describes models trained on publicly available music files and metadata from third-party websites, plus some user-generated content and activity data post-training (with identifying information removed). Data collection began in spring 2023 and is ongoing. Suno’s Response and Legal Context In its statement to 404 Media, Suno emphasized: “As we have stated in public filings and disclosures, Suno’s AI models have been trained on publicly available music files and related metadata accessible on third-party websites on the open Internet.” The company highlighted its “Original Creation, By Design” approach, which avoids using artist names as training metadata to encourage novel outputs rather than direct replicas. It also pointed to investments in watermarking, audio fingerprinting, and safeguards against misuse like impersonation.
3:46 PM · Jul 15, 2026Exposed data shows scraped audio from YouTube, Deezer, and Genius.
@jason_koebler Let’s hope they get sued into oblivion
10:56 AM · Jul 15, 2026Suno AI Data Breach Reveals Massive Scraping of Music, Lyrics, and Podcasts from YouTube, Deezer, Genius, and More A significant security incident at Suno, one of the leading AI-powered music generation platforms, has exposed detailed internal evidence of how the company built its training datasets by scraping enormous volumes of audio and text content from across the web. On July 15, 2026, independent tech news outlet 404 Media published a report based on source code and related files obtained from a hacker. The materials, dating primarily to 2023–2024, document systematic scraping operations that pulled hundreds of thousands of hours of music, lyrics, and podcasts. The Breach and the Hacker The hacker, operating under the pseudonym ellie.191, gained access through a supply chain attack on a Suno employee. They used the Shai-Hulud npm worm a self-propagating malware that targets the Node Package Manager ecosystem, harvesting credentials from GitHub, cloud services, and development environments.47 ellie.191 told 404 Media they had no targeted grudge against Suno, stating simply, “I like to hack anything and everything.” The hacker accessed Suno’s source code repositories and customer data (including emails, phone numbers used for sign-up, and Stripe payment details for hundreds of thousands of users, though Suno maintains it does not store full credit card numbers). Suno stated it discovered the limited security incident in November 2025, contained it quickly, and determined that primarily outdated source code (no longer in active use) was involved. The company did not notify users individually, citing the limited scope under applicable privacy laws. What the Leaked Code Revealed The internal files provide rare concrete details on Suno’s data ingestion pipelines. Key dataset statistics extracted from code comments include: •113,879 hours of YouTube Music content •152,162 hours of tagged YouTube Music (ytm_tagged) •2,013,545 music clips from YouTube Music (one file reference) •17,615 hours of Genius HQ lyrics •12,287 hours of Deezer •62,117 hours of Pond5 music •19,514 hours from the International Music Score Library Project (IMSLP) •3,726 hours from Jamendo •410 hours from Freesound •103 hours of MuseScore lyrics The code also references efforts to download roughly 1 million hours of podcasts using data from PodcastIndex, focusing on shows with multiple episodes. Scraping targeted YouTube (including searches for a cappella/vocal-only versions), used third-party proxy services like Bright Data, and included filters to exclude non-music content. Suno has previously acknowledged training on “essentially all music files of reasonable quality that are accessible on the open internet,” including tens of millions of recordings, and argued this constitutes fair use. Its official California training data disclosure describes models trained on publicly available music files and metadata from third-party websites, plus some user-generated content and activity data post-training (with identifying information removed). Data collection began in spring 2023 and is ongoing. Suno’s Response and Legal Context In its statement to 404 Media, Suno emphasized: “As we have stated in public filings and disclosures, Suno’s AI models have been trained on publicly available music files and related metadata accessible on third-party websites on the open Internet.” The company highlighted its “Original Creation, By Design” approach, which avoids using artist names as training metadata to encourage novel outputs rather than direct replicas. It also pointed to investments in watermarking, audio fingerprinting, and safeguards against misuse like impersonation.
3:46 PM · Jul 15, 2026Many users expressed outrage at Suno for alleged music theft and corruption exposed by the hack, wishing the company would be sued into bankruptcy or destroyed, while a few praised the reporting.
Based on 29 visible X reactions from 171 accounts; directional sample.
Ask a question below.
Published answers will appear here.