Hack exposes Suno's training library: code shows ~380,000 hours scraped from YouTube Music and more
A worm-based breach of Suno spilled source code naming which sites were scraped and for how many hours of music—plus user data. The company says it does not need to notify users one by one.
- A hacker going by ellie.191 used a worm known as Shai-Hulud to access a Suno employee account and handed source code tied to training data to 404 Media.
- Source comments point to scrapes from YouTube Music, Pond5, Deezer, Genius, and more—nine libraries totaling about 380,000 hours. A youtube_music file also notes more than 2.01 million audio clips already pulled.
- The code used Bright Data proxies against YouTube and searched for a cappella vocals. Separately, it planned downloads from roughly 420,000 podcasts—about 1 million hours intended, not shown to be fully complete.
- In the same breach, the hacker also accessed Suno users' emails, phone numbers, and Stripe-related payment data—hundreds of thousands of users, ellie.191 told 404 Media. TechCrunch reported that some card numbers appeared in the material as well.
- Suno says it found the security incident in November 2025, that impact was limited, the code mostly outdated, and that no full credit-card numbers were accessed—so it claims no legal duty to notify each user. Some users 404 interviewed said they never received any notice at all.
A Suno breach leaked two things
AI music company Suno was hacked. Operating as ellie.191, the attacker used a worm called Shai-Hulud (also known as the sandworm) to steal employee credentials, grab source code tied to training data, and pass it to tech outlet 404 Media.
What jumps out in the code is where the training set came from and how long it is: YouTube Music, Deezer, Genius, Pond5, and others named in comments—about 380,000 hours in total. There is also a plan to download roughly 1 million hours of podcasts.
- 113,879 hours · YouTube Music (youtube_music)
- 152,162 hours · another YouTube-related library (ytm_tagged, the largest single set)
- 62,117 hours · Pond5 stock library
- 12,287 hours · Deezer, plus Genius lyrics and more
- ~1M hours · planned podcast downloads (~420,000 shows)
In the same breach, the hacker also saw Suno users' emails, phone numbers, and related data on payment processor Stripe. Ellie.191 told 404 Media the haul covered hundreds of thousands of users. TechCrunch's reporting said some card-number data was in the material as well.
Suno's account: the incident was found in November 2025, contained quickly, limited impact—so no individual user notices. Some users 404 Media interviewed said they only learned their personal data might have leaked by reading the news.
Shai-Hulud is a supply-chain worm: it does not smash the company homepage; it steals GitHub, cloud, and other credentials from tools and logins on developers' machines. Ellie.191 told 404 Media that is how a Suno employee was hit. Asked why Suno, the hacker's rough answer was that they like hacking everything.
Where the data came from, and how much there is
The source media reviewed appears to date from roughly 2023–2024. One comment says data should be pulled from the libraries below, with non-music filtered out.
genius_hq、youtube_music、freesound、jamendo、imp(IMSLP)、deezer、ytm_tagged
There are also notes on datasets such as pond5_music and musescore_lyrics. Comments say non-music will be filtered out.
How the code pulled this material
That was scale. Next is method. Music Business Worldwide and others, working from 404's materials, filled in more concrete details.
YouTube proxies and a hunt for a cappella
The code shows Suno used Bright Data proxies to scrape songs on YouTube. It also searched for a cappella—voice-only versions—apparently to isolate vocals.
What labels call stream ripping is playing audio online while saving it as a downloadable file. This pipeline runs as scripted bulk jobs, not “the model happened to hear a few tracks on the web.”
A plan for about 1 million hours of podcasts
Another path in the code: use PodcastIndex to find roughly 420,000 podcasts. Filters roughly require at least 5 episodes per show, about 30 minutes each, and attempt downloads totaling about 1 million hours of audio.
That 1 million hours is a download plan; public reporting has not shown it was fully completed or all folded into training. The nine libraries' ~380,000 hours are a separate ledger already written into comments—do not merge them with the podcast plan.
How the company talks about “public data”
In court filings and its California disclosure page, Suno says training used music files publicly available online and that it respects paywalls and password protection. Named sources like Deezer and Pond5 often require paid access or a subscription. How Suno obtained those sources while “respecting paywalls” is not spelled out in the public record.
Why this matters for the lawsuits
Suno was already fighting labels in court. The leaked source fills in which sites were scraped and how.
Layer one is copyright: whether copying others' songs for training can be fair use under U.S. law. Layer two is technical protection: whether YouTube's anti-download measures were bypassed. Even while layer one is still fought, layer two can stand on its own. The leak mainly hardens the case that Suno bulk-pulled tracks from YouTube.
As we have stated in public filings and disclosures, Suno’s AI models have been trained on publicly available music files and related metadata accessible on third-party websites on the open Internet. Suno spokesperson to 404 Media (as quoted by Music Business Worldwide and others)
What the company says—and what users heard
One track is whether training data infringes. The other is whether user data leaked and whether the company told people. Both showed up in the same breach.
In November 2025 it found a limited security incident and contained it quickly. Mostly unused old source code. Sensitive personal data was not compromised. The company cannot access full card numbers on Stripe. So it says the law does not require individual notices. On training data, it says it already made the required California public disclosures.
Hacker ellie.191 claims access to emails, phone numbers, and Stripe-related data for hundreds of thousands of users. TechCrunch reported some card numbers in the material. 404 Media's Jason Koebler wrote on Bluesky that users were never notified. Some customers told 404 the same: no breach notice; they learned from the reporting.
Two facts hold up fairly well for now. First, Suno judged this a “limited incident” that did not require one-by-one notices. Second, at least some users first heard of it in July 2026 via the press. Whether full card numbers were exposed, and which Stripe fields were visible, still depends on later company statements and any regulator or court findings.
Suno's California AB 2013 disclosure page still says the training set is tens of millions of public music files and related text, collected since spring 2023, possibly including both public-domain and copyrighted songs, while respecting paywalls and passwords. What this leak adds is detail the earlier vague language lacked: specific site names, hours per library, Bright Data proxies, and a deliberate search for a cappella vocals.
The hacked data is a rare look at exactly how AI models and tools are built. Jason Koebler / 404 Media,2026-07-15
Main sources: 404 Media original (Jason Koebler, July 15, 2026). The second half of the 404 piece is paywalled; the free portion only reaches dataset hour counts. Details on the worm, Bright Data, a cappella searches, the podcast plan, company statements, users who received no notice, and the Jamendo suit were cross-checked against Music Business Worldwide, Variety, TechCrunch, TechTimes, and the author's Bluesky posts. Suno's own disclosure: California AB 2013. Nine-library hour totals are direct sums; the ~1 million podcast hours are the planned download scale.