Suno Hack Reveals How AI Music Company Collected Data to Train Its AI

AI music company Suno is facing fresh attention after a hacker reportedly broke into its systems and leaked internal source code and documents. According to a report by 404 Media, the leaked files reveal how Suno collected music, lyrics, podcasts, and other audio content to train its AI music generator.

The leak comes at a difficult time for the company, which is already fighting copyright lawsuits from major music companies. The newly leaked information could increase legal pressure by providing more details about the sources Suno allegedly used to build its AI training library.

According to the report, the hacker gained access to Suno’s internal files and shared source code from 2023 and 2024. The leaked material reportedly included technical instructions showing how the company collected audio and text data from several popular online platforms.

The documents mention well-known services such as YouTube Music, Deezer, Genius, Pond5, Jamendo, Freesound, and podcast RSS feeds. These platforms contain millions of songs, sound effects, music tracks, lyrics, and spoken audio that can be used for different purposes.

One of the leaked files reportedly listed several online sources that Suno used while building its AI training library. Another file named “youtube_music” suggested that the company had collected more than 2 million music clips from YouTube Music.

According to comments found inside the leaked code, Suno’s AI training data may have included very large amounts of audio from different sources. The leaked information claimed the company collected:

  • More than 113,000 hours of audio from YouTube Music.
  • More than 62,000 hours of music from Pond5.
  • More than 17,000 hours of content from Genius.
  • More than 12,000 hours from Deezer.
  • More than 3,700 hours from Jamendo.

If accurate, these numbers show that Suno gathered an enormous amount of audio to train its artificial intelligence system.

The leaked code also reportedly showed that Suno searched YouTube for acapella versions of songs. Acapella recordings contain only the singer’s voice without background music.

According to the report, this suggests the company may have been collecting vocal tracks separately to help its AI better understand singing styles, lyrics, pronunciation, and vocal patterns.

The leak also indicates that Suno did not focus only on music. According to 404 Media, the company also collected podcasts for AI training.

The leaked documents reportedly showed that Suno used PodcastIndex, a large podcast directory, to find podcasts that could be downloaded.

The code allegedly identified around 420,000 podcasts that contained at least five episodes lasting 30 minutes or longer. From those podcasts, Suno reportedly planned to collect around 1 million hours of spoken audio.

Podcasts can help AI systems learn natural speech, conversations, storytelling, accents, pronunciation, and different speaking styles.

Another detail from the leaked files suggests that Suno used proxy services provided by Bright Data to collect content from YouTube. Proxy services are commonly used to automate large-scale web requests while avoiding technical limits placed on websites.

The leak has attracted even more attention because Suno is already involved in major copyright lawsuits.

In 2024, the Recording Industry Association of America (RIAA) and several major record labels filed lawsuits against both Suno and another AI music company called Udio.

The music companies accuse both businesses of training their AI systems using copyrighted songs without obtaining permission from artists or copyright owners.

The RIAA also claimed that Suno copied music directly from YouTube to build its AI models.

Suno has denied any wrongdoing. The company argues that its AI was trained using publicly available music files and metadata and says this practice is protected under the legal principle of fair use.

Fair use is a legal concept that, in some situations, allows copyrighted material to be used without permission for purposes such as education, research, commentary, or technological development. However, whether AI training qualifies as fair use is currently being debated in courts around the world.

The newly leaked files could become important evidence because they appear to provide more detailed information about how much data Suno collected and where that data came from.

According to 404 Media, the hacker identified themselves as “ellie.191.”

The hacker claimed they gained access to Suno by compromising one of the company’s employees using a cyberattack known as the Shai-Hulud worm.

The Shai-Hulud worm is described as a supply-chain attack that allows attackers to steal login credentials for services such as GitHub and cloud platforms. Once hackers obtain these credentials, they may be able to access internal company systems and private code repositories.

The hacker told 404 Media that there was no specific reason for targeting Suno. They claimed they simply enjoy hacking different companies and systems.

The hacker also claimed to have accessed Suno’s customer database.

According to the report, the leaked information included customer email addresses, phone numbers, and some payment-related information connected to Stripe, depending on how users created their accounts.

Some Suno users reportedly confirmed that they had signed up using their phone numbers and said they had not received any notification that their information may have been exposed.

Suno responded by saying that the breach involved older source code rather than its current systems.

The company also stated that no sensitive personal information or complete credit card details were exposed. Suno added that payment processing is handled by Stripe, meaning the company itself does not store customers’ full payment card information.

The incident has created new concerns not only for Suno but also for the entire AI industry.

As AI tools become more advanced, companies need huge amounts of data to train their models. Many AI developers collect publicly available information from websites, online databases, videos, images, music, and text.

However, artists, musicians, writers, photographers, and publishers argue that their work should not be used for AI training without their permission or compensation.

Technology companies, on the other hand, often argue that using publicly available content for AI training is legal under fair use and is necessary to develop better AI systems.

The Suno leak has once again brought this debate into the spotlight. If the leaked documents accurately describe how the company collected training data, they could become an important part of the ongoing legal cases involving AI-generated music.

Overall, the reported cyberattack has exposed internal details about how one of the world’s leading AI music companies may have built its training library. While Suno says the leaked code is outdated and denies exposing sensitive customer information, the incident is likely to increase scrutiny from regulators, artists, and record labels. It also highlights the growing legal and ethical questions surrounding the use of copyrighted online content to train artificial intelligence systems

spot_img

Related articles

spot_img