The stolen source code of the AI music service Suno revealed instructions and logs for downloading audio from YouTube Music, Deezer, Pond5, and other platforms for model training. Journalists from 404 Media reported on the findings of their investigation.
A hacker known as ellie.191 told the publication that they gained access to Suno's systems after a Shai-Hulud worm infected the computer of one of its employees. The malware spread through compromised npm packages, stealing credentials, tokens, and access keys.
The exact role of ellie.191 in the attack remains unclear. According to Socket's assessment, they may have participated in the initial infection or used credentials that the worm had previously posted in a public GitHub repository.
The hacker claimed to have obtained information on hundreds of thousands of users, including email addresses, phone numbers, and details related to Stripe. Journalists verified some records through their alleged owners, but the full extent and composition of the leak have not been independently confirmed.
The company confirmed the incident, discovered in November 2025, and emphasized that it does not store full credit card numbers of customers in Stripe.
“The incident was quickly contained. It primarily affected outdated code. No confidential personal data was compromised,” said a representative of Suno.
However, the service has not published a technical report that would allow for verification of the affected systems and categories of information.
What Data Was Found in the Code
According to 404 Media, one file recorded the download of 2,013,545 music videos from YouTube Music, totaling 113,879 hours. Another set, labeled ytm_tagged, included 152,162 hours of annotated recordings from YouTube.
The code also referenced 62,117 hours of music from Pond5, 12,287 hours from Deezer, 17,615 hours in the genius_hq set, and 19,514 hours from the International Music Score Library Project. Jamendo accounted for 3,726 hours, Freesound for 410 hours, and the musescore_lyrics set for 103 hours.
Another file outlined a plan to download about 1 million hours of podcasts from approximately 420,000 RSS feeds. It remains unclear from the disclosed information whether Suno implemented this plan and whether the materials were included in the training data.
To collect audio from YouTube, developers used proxy services from Bright Data, according to Socket. These allow requests to be routed through third-party IP addresses.
‼️ BREAKING: A hacker breached AI music company Suno using the Shai-Hulud worm and released source code showing how its training set was built:
- 113,879 hours of YouTube Music
— International Cyber Digest (@IntCyberDigest) July 16, 2026
- 62,117 hours of Pond5
- 12,287 hours of Deezer
- plus Genius lyrics and a plan to download roughly… pic.twitter.com/iSbM8EHeeQ
Previously, Suno developers disclosed that they train models on tens of millions of publicly available audio files and associated metadata. The company acknowledged that some of these may include works protected by intellectual property rights. Data collection has been ongoing since spring 2023.
How the Leak Relates to Label Lawsuits
On May 21, Universal Music Group and Sony Music Entertainment requested a federal court in Massachusetts to add 61,026 recordings to their lawsuit against Suno. The labels claimed to have identified these in the training data using Audible Magic's audio fingerprinting technology.
The court documents reference an earlier position from Suno: the company acknowledged that tens of millions of recordings in the training dataset likely included works owned by the plaintiffs. However, Suno argues that such use is transformative and falls under the fair use doctrine.
The labels assert that they found matches with millions of their recordings, and the 61,026 works represent only a selected portion. The court has yet to decide whether to allow this expansion of the lawsuit.
Suno cited a parallel case against Udio. On June 30, a court in New York declined to add more than 30,000 works to it, as this would significantly alter the scope of the proceedings at a late stage.
A separate dispute concerns not the training itself, but the method of obtaining the files. In September 2025, the labels added claims under Section 1201 of the U.S. Digital Millennium Copyright Act (DMCA), which prohibits circumventing technological measures for access control.
The plaintiffs allege that Suno used YT-DL and YT-DLP to bypass YouTube's changing encryption and convert streaming audio into downloadable files. Representatives of the service stated that platform restrictions control copying, not access to the works themselves.
The leaked code may support the labels' factual position regarding the downloading of audio from YouTube and the use of proxies. However, it does not, on its own, prove the circumvention of a specific technical measure or a DMCA violation.
In November 2025, Warner Music Group settled its dispute with Suno and entered into a licensing agreement. As part of the deal, the company acquired the concert discovery service Songkick and agreed to replace existing models with new licensed versions.
As a reminder, in March 2026, Suno introduced model v5.5, featuring personalized AI model creation and music generation in its own voice.
