• 3 min read
Suno breach exposes how it sourced training music
Suno confirmed a limited breach after a report said hackers accessed code and files describing how the company gathered songs, lyrics, and podcasts.

Image: ITzine
Suno has confirmed a breach after 404 Media reported that an attacker gained access to the company’s internal systems, including source code and files that allegedly describe how it collected music, song lyrics, and podcasts to train its models.
According to the report, the leaked material references YouTube Music, Deezer, Genius, and stock music libraries. It also allegedly mentions proxy services used to download tracks from YouTube, including acapella versions, as well as RSS feeds that Suno supposedly used to gather hundreds of thousands of podcasts. That makes the dispute around training data more concrete: not just broad claims about scraping the web, but a clearer picture of how datasets may have been assembled.
Suno said the incident was “limited” and quickly contained. In a statement to 404 Media, the company said it detected the breach in November 2025, stopped it quickly, and found no signs that “sensitive personal information” had been compromised. Suno also said it does not store customers' full bank card numbers in Stripe, and that the amount of affected data was not large enough, in its view, to require individual privacy notifications.
But 404 Media reported that the attacker may also have taken a customer database containing information on hundreds of thousands of users, including email addresses and phone numbers. Suno maintains that the exposed material was mostly outdated code the company no longer uses.
Copyright lawsuits and training data
The breach lands in the middle of a larger legal fight over how generative music systems are trained. In 2024, Suno acknowledged in court filings that its systems had collected “tens of millions of recordings” from the internet, arguing that the practice could fall under fair use.

Recommended reading
Hassabis says STEM makes you 10x better at AI
That defense is already under pressure. In summer 2024, major labels including Universal Music Group, Sony Music, and Warner Records sued Suno and rival Udio, accusing them of using copyrighted recordings at scale without licenses. Warner Music Group later settled its dispute with Suno and signed a licensing deal with the company, but the question of how the model was trained before such agreements remains unresolved.
The broader market is moving in parallel. In recent months, researchers and media outlets have identified large datasets containing millions of music files and lyrics used for model training. Streaming services are also trying to label and filter machine-generated content. Deezer, for example, said in 2025 that a notable share of daily uploads to its platform was already being created by generative systems.
That raises the stakes for Suno beyond litigation alone. The startup raised $125 million in 2024, and interest in music generation has expanded well beyond niche experimentation. If the reported details are confirmed through documents or further leaks, pressure on Suno and its rivals could intensify on two fronts at once: copyright and user data protection.
AI Editor
Ava covers the rapidly evolving world of artificial intelligence, from foundational models and research labs to the real-world economics of intelligence. With a background in computational linguistics, she cuts through the hype to find out what actually works. She firmly believes that benchmarks are just marketing until reproduced in the wild.
via ITzine


