The code also suggested that Suno was using proxies to scrape songs from YouTube through a company called Bright Data, which sells scraping tools, infrastructure, and data services. Additional code shows that with the help of an online tool called PodcastIndex, Suno identified 420,000 different podcasts that had at least five, 30-minute episodes and sought to download roughly 1 million hours of podcasts
The hacker, ellie.191, told 404 Media they breached the company by hacking an individual employee using the Shai-Hulud worm, a supply chain attack that allowed hackers to harvest GitHub and cloud service credentials. They said they also accessed Suno’s customer list, which included customers’ emails and/or phone numbers and Stripe payment details, depending on what they used to login. The hacker provided a sample of some of the customers, some of whom confirmed to 404 Media they had used their phone number to sign up for Suno and said they were never notified of a breach.
Last month, The Atlantic reported on several music databases that are widely used in AI training, consisting of millions of tracks: “Three of the datasets I found are distributed as a list of links to songs on YouTube or Spotify. AI developers download the actual audio using tools that automate the job, some of which allow developers to bypass logins, advertisements, and mechanisms that might earn money or subscribers for creators. Such tools violate the terms of service of these platforms.
Archive link: https://archive.ph/xX3XW
If music generated gets diffused out of training data, you could have a map of percantages which songs are used in the generation? We could then pay artist based on this percentage. They would also need to opt in ofc for this to be moral.
On one hand, I’m happy that an AI company got slapped on the wrist for this. On the other, I don’t give a shit about Google or Spotify.
I hope all of these companies burn and all the money can go to the music artists.
Hack reveals what everyone already knew and the govt has already decided is totally ok.
Is anyone surprised by this? Like seriously.
No, but it’s good to have proof.
We must band together and protect the record companies! All music generation must go through Universal and Warner’s proprietary app. Death to training without paying the stockholders, death to open-source.
All hail censorship, all hail Google.
The only things I despise more than a predator company are other predator companies
Edit: grammar
All the current lawsuits kind of suck because its all copyright juggernaut vs big AI companies. It feels mostly lose lose for us but only one of the two outcomes kneecaps open source and community driven options.
Another frustrating bit is that it’s win win for big AI. Even if they lose, it just means a cheap fine while getting a massive moat because of the new cost of entry.
I personally know indie musicians who are popular enough to have had their music scraped and used as training data, in part because they are forced to use platforms like Spotify, YouTube, etc. to eke out a living. And then people have had the audacity to present AI slop versions of music using their vocals to them, expecting them to be happy about it.
Were they paid for their decades of work? No. Were they given the opportunity to opt out? No. This isn’t The Man trying to capitalize upon an open and equitable system. This is The Man stealing from the poors and each other, and pretending they didn’t (or worse, acting like their victimhood is somehow equal to everyone else’s).
And to add even further insult to injury, these companies have tricked many of those same poors that these plagiarism engines are tools to “level the playing field” against people who have spent years honing their craft. Why, the very nerve of those people using their time to become experts! /s
Death to training without paying the stockholders, death to open-source…
Even better: how about death to training until you pay the original artists fairly and equitably, or allow them to opt out? AI should not be treated as some inevitable thief that we must all work around.
Fair points but the current lawsuits arent there to solve any of them. The lawsuit against Udio essentially gave ownership of the app to UMG and Warner. No artists were payed. The app still exists, except you have to pay to download the song and they put extra copyrights on every song generated now.
It’s insanely transparent imo, they want a monopoly on generated music as well as the regular stuff. I wish artists had a chance.
Even worst is that UMG will probably start pushing AI music once the dust settles because there’s more profit in it, especially if they own it the moment it’s made and can dictate the terms with a simple ToS.
Industry based on piracy shocked by piracy.
With EU customers, not reporting a breach within 72 hours of learning about it is actually illegal under GDPR.
https://gdpr-info.eu/art-33-gdpr/
Not sure how much trouble that can get you into though.
Yeah it was funny to read :
“Based on the limited nature of the customer information believed to be involved, we determined that individual notifications were not warranted under applicable privacy laws,” the Suno spokesperson added.
But then (talking about the hacker):
They said they also accessed Suno’s customer list, which included customers’ emails and/or phone numbers and Stripe payment details, depending on what they used to login. The hacker provided a sample of some of the customers, some of whom confirmed to 404 Media they had used their phone number to sign up for Suno and said they were never notified of a breach.
I guess email address, phone and payment details don’t matter enough to notify people.
Wasn’t this already known? Not the hack but the scraping? From Jan 2025:
“Earlier this year it dawned on me that very little of what generative AI companies were non-consensually scraping off the internet was uncompressed or lossless, they scraped things like YouTube and Spotify and SoundCloud to make their data sets generate AI music.
https://musictech.com/news/music/benn-jordan-detect-ai-music/
Yeah.
The lawsuits have made clear that Suno did train on huge amounts of copyrighted works, but the hacked data shared with 404 Media sheds more light on how Suno scraped songs from the internet and where it took them from.
If the leak is authentic, it doesn’t just expose scraped data: it exposes trust. AI companies keep asking courts to accept »fair use« while telling the public as little as possible about their training data. Transparency shouldn’t arrive through a hack. It should have been there from the start. We really need open source AI beyond open weight models.
Do you outsource your comments to an LLM? Got a lot of the hallmarks of AI writing here and in your previous comments.
Edit: yeah I’m like 80% certain this is another automated LLM account. Their profile description reeks of it, and except for the first three comments, their comment length is consistent at all times, there is an overuse of colons and “it’s not X it’s Y” statements, and weird formatting choices across the board. This is pretty much a running advertisement for their AI consultant and news (?) platform.
A shocking number of lemmings put their comments through an LLM before posting, and a lot of them comment on basically every rising thread too. You start to recognize recurring usernames before long. Lot of em use sockpuppets too since you’ll always see their comments with the same number of upvotes. I don’t think they realize up and down votes are public. Anyway, yeah like half the users here use a gpt for their comments.
So we’re reaching the stage where sounding consistent is treated as stronger evidence than being wrong? If every structured comment is dismissed as AI, discussion gets replaced by authorship detective work. Refute the points instead of running a literary CAPTCHA on every reply. Thanks!
Nah you’re just here to advertise your shit AI website that nobody asked for, begone clanker
A lot of their comments start with “Funny how…”
Must have only sprung for Claude Haiku and not Sonnet. Lol








