Business · XiaoHu Explainer

Hack exposes Suno's training library: code shows ~380,000 hours scraped from YouTube Music and more

A worm-based breach of Suno spilled source code naming which sites were scraped and for how many hours of music—plus user data. The company says it does not need to notify users one by one.

One-minute brief
  • A hacker going by ellie.191 used a worm known as Shai-Hulud to access a Suno employee account and handed source code tied to training data to 404 Media.
  • Source comments point to scrapes from YouTube Music, Pond5, Deezer, Genius, and more—nine libraries totaling about 380,000 hours. A youtube_music file also notes more than 2.01 million audio clips already pulled.
  • The code used Bright Data proxies against YouTube and searched for a cappella vocals. Separately, it planned downloads from roughly 420,000 podcasts—about 1 million hours intended, not shown to be fully complete.
  • In the same breach, the hacker also accessed Suno users' emails, phone numbers, and Stripe-related payment data—hundreds of thousands of users, ellie.191 told 404 Media. TechCrunch reported that some card numbers appeared in the material as well.
  • Suno says it found the security incident in November 2025, that impact was limited, the code mostly outdated, and that no full credit-card numbers were accessed—so it claims no legal duty to notify each user. Some users 404 interviewed said they never received any notice at all.
1Opening

A Suno breach leaked two things

AI music company Suno was hacked. Operating as ellie.191, the attacker used a worm called Shai-Hulud (also known as the sandworm) to steal employee credentials, grab source code tied to training data, and pass it to tech outlet 404 Media.

What jumps out in the code is where the training set came from and how long it is: YouTube Music, Deezer, Genius, Pond5, and others named in comments—about 380,000 hours in total. There is also a plan to download roughly 1 million hours of podcasts.

  • 113,879 hours · YouTube Music (youtube_music)
  • 152,162 hours · another YouTube-related library (ytm_tagged, the largest single set)
  • 62,117 hours · Pond5 stock library
  • 12,287 hours · Deezer, plus Genius lyrics and more
  • ~1M hours · planned podcast downloads (~420,000 shows)

In the same breach, the hacker also saw Suno users' emails, phone numbers, and related data on payment processor Stripe. Ellie.191 told 404 Media the haul covered hundreds of thousands of users. TechCrunch's reporting said some card-number data was in the material as well.

Suno's account: the incident was found in November 2025, contained quickly, limited impact—so no individual user notices. Some users 404 Media interviewed said they only learned their personal data might have leaked by reading the news.

Two reasons this story matters. First, which sites Suno scraped and how much—formerly vague claims, now concrete names and hour counts in source comments. Second, whether the company notified users after the breach. 404 Media published first on July 15, 2026; Music Business Worldwide, Variety, TechCrunch, and others followed.
What is Shai-Hulud?

Shai-Hulud is a supply-chain worm: it does not smash the company homepage; it steals GitHub, cloud, and other credentials from tools and logins on developers' machines. Ellie.191 told 404 Media that is how a Suno employee was hit. Asked why Suno, the hacker's rough answer was that they like hacking everything.

Hero image from the 404 Media article
Hero image from 404 Media. Source: 404 Media (credit: Image: Suno)
2Scale

Where the data came from, and how much there is

The source media reviewed appears to date from roughly 2023–2024. One comment says data should be pulled from the libraries below, with non-music filtered out.

Library names named in source comments

genius_hqyoutube_musicfreesoundjamendoimp(IMSLP)、deezerytm_tagged

There are also notes on datasets such as pond5_music and musescore_lyrics. Comments say non-music will be filtered out.

~382K
hours · nine libraries combined (~43 years continuous play)
~266K
hours · two YouTube-related libraries combined
2.01M+
clips · count recorded in the youtube_music file
~1M
hours · podcast target volume (more in the next section)
Dataset length (hours)
ytm_tagged
152,162
youtube_music
113,879
pond5_music
62,117
imslp
19,514
genius_hq
17,615
deezer
12,287
jamendo
3,726
freesound
410
musescore
103

Longer bars mean more hours; ytm_tagged is the longest. The nine items above sum to about 381,813 hours. 404 only said the haul was “at least decades of music” and did not publish a separate total. The ~1 million podcast hours are a separate plan and are not in this chart.

Streaming
YouTube Music
youtube_music and ytm_tagged together total about 266,000 hours. The youtube_music file also records more than 2.01 million clips already scraped.
Streaming
Deezer
About 12,300 hours. Deezer usually needs a paid subscription for full tracks; Suno says training used only material “publicly accessible on the open internet.” Public materials do not spell out how both claims hold at once.
Lyrics
Genius
About 17,600 hours. Genius is mainly lyrics; full tracks often play via embedded Apple Music. The site itself does not fully host a complete song catalog.
Stock
Pond5 etc.
Pond5 is part of Shutterstock; public figures put the library at about 2.5 million tracks. At the commented 62,117 hours, MBW and others take that as a sizable cut of the catalog.
3Method

How the code pulled this material

That was scale. Next is method. Music Business Worldwide and others, working from 404's materials, filled in more concrete details.

Sources YouTube etc. Bright Data Proxy scrape Find a cappella Filter non-music Into datasets Suno model Train on it
Sketch of the YouTube-related scrape path. For other sites, 404 says the files do not show the full method.

YouTube proxies and a hunt for a cappella

The code shows Suno used Bright Data proxies to scrape songs on YouTube. It also searched for a cappella—voice-only versions—apparently to isolate vocals.

What labels call stream ripping is playing audio online while saving it as a downloadable file. This pipeline runs as scripted bulk jobs, not “the model happened to hear a few tracks on the web.”

A plan for about 1 million hours of podcasts

Another path in the code: use PodcastIndex to find roughly 420,000 podcasts. Filters roughly require at least 5 episodes per show, about 30 minutes each, and attempt downloads totaling about 1 million hours of audio.

That 1 million hours is a download plan; public reporting has not shown it was fully completed or all folded into training. The nine libraries' ~380,000 hours are a separate ledger already written into comments—do not merge them with the podcast plan.

How the company talks about “public data”

In court filings and its California disclosure page, Suno says training used music files publicly available online and that it respects paywalls and password protection. Named sources like Deezer and Pond5 often require paid access or a subscription. How Suno obtained those sources while “respecting paywalls” is not spelled out in the public record.

4Litigation

Why this matters for the lawsuits

Suno was already fighting labels in court. The leaked source fills in which sites were scraped and how.

From 2024 · major labels sue
Coordinated by the RIAA, Universal, Sony, and others sued Suno for training on large amounts of copyrighted music without authorization. Suno argues fair use. The company has also said its training set covers nearly every decent-sounding music file on the open internet—tens of millions of recordings.
September 2025 · complaint escalates
RIAA further alleged Suno stream-ripped YouTube and bypassed technical protections against mass download (including rolling cipher). That may implicate DMCA anti-circumvention rules. Anti-circumvention and whether training is fair use are separate tracks and can be litigated apart.
November 2025 · company says it found the incident
Suno says it discovered a limited security incident then and contained it quickly. Broad public discussion of training code and user data followed media reports in July 2026.
Around May 2026 · damages stakes rise
Per Music Business Worldwide, Universal and Sony sought to expand the song list from 560 to about 61,000 (matched by audio fingerprinting). At maximum statutory damages per track, the theoretical ceiling jumps from roughly $84 million to over $9 billion. A judge has not ruled on whether expansion is allowed.
June 29, 2026 · Jamendo sues too
Licensing platform Jamendo sued Suno in the same U.S. court. Jamendo says about 55,600 tracks were licensed only for non-commercial academic use, and Suno trained on them without a commercial license. Damages claimed start at roughly €17.8 million.
July 15, 2026 · 404 report
Source comments spell out YouTube Music and other site names plus hour counts. 404 Media and follow-up outlets say that aligns with claims that Suno ripped songs directly from YouTube.
Why two layers matter

Layer one is copyright: whether copying others' songs for training can be fair use under U.S. law. Layer two is technical protection: whether YouTube's anti-download measures were bypassed. Even while layer one is still fought, layer two can stand on its own. The leak mainly hardens the case that Suno bulk-pulled tracks from YouTube.

As we have stated in public filings and disclosures, Suno’s AI models have been trained on publicly available music files and related metadata accessible on third-party websites on the open Internet. Suno spokesperson to 404 Media (as quoted by Music Business Worldwide and others)
5Users

What the company says—and what users heard

One track is whether training data infringes. The other is whether user data leaked and whether the company told people. Both showed up in the same breach.

Suno's account

In November 2025 it found a limited security incident and contained it quickly. Mostly unused old source code. Sensitive personal data was not compromised. The company cannot access full card numbers on Stripe. So it says the law does not require individual notices. On training data, it says it already made the required California public disclosures.

What reporting and users say

Hacker ellie.191 claims access to emails, phone numbers, and Stripe-related data for hundreds of thousands of users. TechCrunch reported some card numbers in the material. 404 Media's Jason Koebler wrote on Bluesky that users were never notified. Some customers told 404 the same: no breach notice; they learned from the reporting.

Two facts hold up fairly well for now. First, Suno judged this a “limited incident” that did not require one-by-one notices. Second, at least some users first heard of it in July 2026 via the press. Whether full card numbers were exposed, and which Stripe fields were visible, still depends on later company statements and any regulator or court findings.

Suno's California AB 2013 disclosure page still says the training set is tens of millions of public music files and related text, collected since spring 2023, possibly including both public-domain and copyrighted songs, while respecting paywalls and passwords. What this leak adds is detail the earlier vague language lacked: specific site names, hours per library, Bright Data proxies, and a deliberate search for a cappella vocals.

The hacked data is a rare look at exactly how AI models and tools are built. Jason Koebler / 404 Media,2026-07-15

Main sources: 404 Media original (Jason Koebler, July 15, 2026). The second half of the 404 piece is paywalled; the free portion only reaches dataset hour counts. Details on the worm, Bright Data, a cappella searches, the podcast plan, company statements, users who received no notice, and the Jamendo suit were cross-checked against Music Business Worldwide, Variety, TechCrunch, TechTimes, and the author's Bluesky posts. Suno's own disclosure: California AB 2013. Nine-library hour totals are direct sums; the ~1 million podcast hours are the planned download scale.