Suno Caught Scraping Millions of YouTube Songs in Code Leak

A devastating source code leak has revealed that generative AI music platform Suno scraped over 2 million YouTube Music clips to train its AI models.
Image Credit / Tech Crunch

Leaked Suno source code confirms the company scraped millions of songs from YouTube, Deezer, and Genius to train its AI music generator.

In a massive blow to the secrecy guarding artificial intelligence training datasets, a high-profile security breach has pulled back the curtain on how generative music is manufactured. Officially reported on Wednesday, July 15, 2026, a hacker successfully leaked internal source code and database logs belonging to Suno, one of the world’s most popular AI-generated music platforms. First published by the investigative outlet 404 Media, the leaked data provides the first concrete, documented proof that Suno built its highly sophisticated music generator by systematically scraping millions of copyrighted songs, lyrics, and vocal stems from mainstream digital music platforms. This development abruptly turns theoretical industry accusations into written corporate evidence, instantly complicating Suno’s ongoing legal battles with the global music establishment.

The technological theft took place across a highly coordinated digital dragnet, targeting prominent web properties including YouTube Music, Deezer, and Genius. According to inventory files discovered inside the leaked code repositories, Suno’s automated crawlers vacuumed up an astonishing 2,013,545 individual clips from YouTube Music alone, translating to roughly 113,879 hours of audio. Additionally, the platform scraped more than 12,000 hours of audio from the streaming service Deezer, over 17,000 hours of lyrics and metadata from Genius, and tens of thousands of hours from stock libraries like Pond5. To make matters worse for the startup, the code reveals specific routines designed to hunt down clean, isolated “acapella” vocals on YouTube. To bypass YouTube’s rate limits and automated anti-scraping defenses, Suno reportedly routed its harvesting queries through Bright Data, a commercial proxy network service.

See Also: US Indicts Russians Who Blocked Law Enforcement for $62M

The timeline of the security compromise reveals a long-standing silence from Suno’s leadership regarding customer safety. A hacker operating under the alias “ellie.191” executed a supply-chain attack back in November 2025, exploiting a vulnerability in the “Shai-Hulud” npm worm to compromise an internal employee’s credentials. This entry allowed the hacker to quietly download proprietary code and steal a customer database containing the email addresses, phone numbers, and partial Stripe billing details of hundreds of thousands of users. While Suno acknowledged the intrusion, characterizing it as a “limited security incident” that was quickly contained, the company chose not to notify its user base, claiming that no sensitive financial data was compromised.

The underlying motivation behind the leak, as expressed by the hacker, was simply the chaotic pursuit of digital penetration. However, the real-world impact of this data dump is highly strategic, arriving just weeks before a critical federal court summary-judgment hearing. The Recording Industry Association of America (RIAA), representing giants like Sony Music and Universal Music Group, is currently suing Suno for massive copyright infringement, accusing the startup of “stream ripping” copyrighted music. While Suno has previously admitted in broad terms to training on “essentially all music files of reasonable quality” on the open web under the banner of “fair use,” this leak provides the plaintiffs with a literal, timestamped catalog of exactly what was taken.

About the Author

Jennifer Sakmufuwo Baba

Jennifer Sakmufuwo Baba is a tech analyst and writer covering artificial intelligence, fintech, and emerging technologies at TechRegard. Based in Nigeria, she's passionate about translating complex tech developments into compelling, accessible stories for diverse audiences. Her work focuses on how technology shapes innovation across Africa and globally.