A hack reveals Suno scraped over two million YouTube songs
Hacked Suno code reportedly shows that the AI music company ingested more than 2 million YouTube Music clips, alongside huge libraries from Deezer, Genius, stock-music sites, and podcast feeds. The real tension is not simply that Suno trained on copyrighted music. Suno had already admitted that. It is that leaked files may now show exactly where the music came from and how it was pulled.
Scoop: The AI music generator Suno was hacked. Hacker shared source code that shows how the tool was made and part of the music and podcasts that were scraped to create it.
— Jason Koebler (@jason_koebler) July 15, 2026
Decades worth of music, lyrics, and podcasts from YouTube, Deezer, Genius & more pic.twitter.com/iXpfCPNU7H
Q1What actually happened?
404 Media reports that a hacker accessed Suno source code and internal data during a breach in November 2025. Files reviewed by the publication reportedly show scraping instructions, dataset names, and the amount of audio collected from services including YouTube Music, Deezer, Genius, Pond5, Jamendo, Freesound, and podcast feeds.
Q2How large was the collection?
One leaked file reportedly counted 2,013,545 YouTube Music clips. Other files listed 113,879 hours of YouTube Music, 152,162 hours of tagged YouTube material, 62,117 hours from Pond5, and 12,287 hours from Deezer. The code also appears to show an attempt to download roughly one million hours of podcasts. This was not a small research sample. It was an industrial collection pipeline.
Q3Didn’t we already know Suno used copyrighted music?
Broadly, yes. Suno previously said its models were trained on publicly available music files and argued that this qualifies as fair use. Court filings had already described a training collection containing tens of millions of recordings. What changes here is the level of detail. The leak reportedly names platforms, shows scraping code, and records specific volumes.
Q4Why does YouTube matter so much?
Record labels have accused Suno of stream ripping, meaning it allegedly bypassed YouTube’s protections to extract audio. Training on copyrighted work is already legally disputed. Deliberately avoiding technical protections can create a separate and potentially harder problem under copyright law. The leak appears to give that allegation more concrete support.
Q5Why is the timing especially bad?
Suno is no longer a tiny experiment. It said nearly 100 million people had created music on the platform by November 2025, when it raised $250 million at a $2.45 billion valuation. In June 2026, it raised another $400 million at a $5.4 billion valuation. That means a company worth billions may now have to defend the exact data pipeline that helped make its product valuable.
Q6Does this prove Suno broke the law?
No. Leaked code is evidence, not a court ruling. Suno can still argue that training is fair use, dispute how files were obtained, or say the exposed code was outdated. The company says the breach mainly involved old source code and that no sensitive personal information was compromised. The courts still have to decide what is legal.
Q7So what is the bigger signal?
AI music is moving from a vague copyright debate into a fight over logs, scripts, platforms, and exact file counts. Suno’s quality and rapid growth were built on enormous scale. The same scale now creates enormous legal exposure. The question is no longer only whether AI can make convincing music. It is whether companies can keep the models if the way they collected the training data does not survive in court.
