Leaked files put Suno’s AI music training under pressure

Reportedly hacked Suno files offer a rare look at how the AI music generator may have built training datasets from online music and lyrics platforms. The material described by 404 Media connects scraping instructions, source code, copyright lawsuits, and a separate security incident involving customer information.

Leaked files put Suno’s AI music training under pressure

Newly reported Suno files have sharpened one of the central questions around AI music: what, exactly, was used to train the system, and how was it gathered?

According to 404 Media, data obtained in a hacking incident indicates that Suno scraped millions of songs and lyrics from online platforms, including YouTube Music, Deezer, and Genius. The report matters because Suno has not fully disclosed the contents of its training datasets or the way those datasets were acquired.

What the leaked Suno data reportedly shows

The reported material includes Suno source code from 2023 and 2024, along with scraping instructions tied to several audio, lyrics, and music-related platforms. The platforms named in the source include YouTube Music, Deezer, Genius, Pond5, Jamendo, Freesound, and the International Music Score Library Project (IMSLP).

The files were shared with 404 Media by a hacker identified as “ellie.191.” According to the report, the data appears to support allegations that Suno gathered protected audio from online services rather than relying only on clearly licensed or self-owned material.

One YouTube Music file reportedly said Suno had consumed 2,013,545 YouTube Music clips when that file was last updated. Another file reportedly described datasets that included hundreds of thousands of hours of YouTube Music, thousands of hours from Deezer, Genius, IMSLP, Jamendo, and Pond5, plus hundreds of hours of Freesound and MuseScore lyrics.

Additional code reportedly indicated that Suno sought to download roughly one million hours of podcasts through an online tool called PodcastIndex. Other leaked code reportedly suggested that Suno used Bright Data, a third-party company, to scrape music from YouTube. The same material also appeared to show searches for a cappella versions of songs on YouTube, apparently to obtain vocal-only audio.

Why the copyright fight matters

The files arrive against the backdrop of lawsuits alleging that Suno used copyrighted materials to train its AI models. In a notable case filed by the Recording Industry Association of America (RIAA), Suno has openly admitted that it trains on copyrighted materials. Its position is that training on copyrighted materials and publicly available music files from the open internet is permitted under fair use doctrine.

That legal argument is separate from the factual question of how the material was gathered. The source article notes that an amendment filed by the RIAA last year alleges Suno unlawfully bypassed YouTube’s copyright protections by intentionally “stream ripping” tracks from the platform.

The newly described files are important because they appear to give more specific shape to that dispute. Instead of the argument staying at the level of whether AI training can use copyrighted music, the report points to alleged technical processes: scraping instructions, platform-specific files, source code, and apparent efforts to collect particular kinds of audio.

For artists, labels, platforms, and AI companies, that distinction is central. A model’s training data is not just an engineering detail. It can affect copyright exposure, trust with creators, and the future rules of how generative music systems are built.

Suno’s explanation of its training data

Suno’s response, as reported by 404 Media, emphasizes that its training material came from the open internet. An unnamed Suno spokesperson said: “As we have stated in public filings and disclosures, Suno’s AI models have been trained on publicly available music files and related metadata accessible on third-party websites on the open Internet,”

That statement does not settle the dispute. The key issue is whether the way those files were obtained and used is legally allowed. Suno argues that training on such material is protected by fair use doctrine. The RIAA and other legal challenges dispute the company’s use of copyrighted materials.

The leaked files, if accurately described, also raise a transparency issue. Suno has avoided giving a full public account of what is inside its training datasets. The hacked data therefore offers an unusual outside view into a part of the AI music business that is normally closed to users, artists, and the public.

The security incident adds another concern

The same hacking incident also reportedly exposed Suno customer information. According to the source, the accessed information included email addresses, phone numbers, and Stripe payment details.

Some customers contacted by 404 Media confirmed that they had signed up for Suno and said they had not been notified by the company about a security breach. Suno, in a statement to 404 Media, said it became aware of a security incident in November 2025 and that the situation was quickly contained.

The company said the incident primarily involved outdated source code no longer used at Suno, and that no sensitive personal information was compromised. Suno also said it does not have access to customers’ full credit card numbers in Stripe.

“At the time, we immediately conducted an investigation and verified that the incident primarily involved outdated source code that is no longer in use at Suno and that no sensitive personal information was compromised. Importantly, Suno does not have access to customers’ full credit card numbers in Stripe,” the Suno spokesperson said. “Based on the limited nature of the customer information believed to be involved, we determined that individual notifications were not warranted under applicable privacy laws.”

What this means for AI music

The Suno report brings together two pressures facing generative AI companies: training-data accountability and data security. The first is about what an AI system learns from. The second is about how a company protects the code, records, and customer information around that system.

For Suno, the most immediate issue is that reported internal files now appear to describe the scale and sources of its data collection in greater detail than the company has publicly offered. The reported 2,013,545 YouTube Music clips, the platform-specific scraping instructions, and the alleged use of Bright Data all add concrete points to a broader copyright fight.

For the wider AI music market, the lesson is straightforward: training data is becoming a public accountability issue. Companies that generate songs, vocals, lyrics, or music-like outputs may face growing pressure to explain not only what their models can create, but what material made those capabilities possible.