A November 2025 supply-chain breach via the Shai-Hulud worm handed hacker ellie.191 employee credentials and, with them, Suno source code that maps out exactly where the AI music tool went shopping for training data. Files label datasets with numbers like 2,013,545 YouTube Music clips (113,879 hours), 17,615 hours from Genius, 12,287 hours from Deezer, plus Pond5 stock music, podcast RSS feeds, and acapella hunts on YouTube.[[1]](https://www.404media.co/hack-reveals-suno-ai-music-generator-scraped-youtube-deezer-and-genius/)[[1]](https://www.404media.co/hack-reveals-suno-ai-music-generator-scraped-youtube-deezer-and-genius/)
The receipts land while UMG and Sony are still pressing their copyright case against Suno, seeking to add tens of thousands more recordings to the docket. Suno has long claimed fair-use training on publicly available files; the leaked logs now show third-party proxies and targeted scraping pipelines that make the "open internet" defense look less theoretical and more like a documented acquisition strategy.[[2]](https://www.musicbusinessworldwide.com/suno-asks-court-to-block-umg-and-sony-from-expanding-copyright-lawsuit-to-over-61000-recordings/)
Suno's statement downplays the incident as "limited," limited to outdated code, and free of sensitive personal data, but the hacker also pulled customer emails, phone numbers, and Stripe records that some users say were never disclosed to them. The breach didn't expose new personal data this week, but it did expose how little transparency the company offered about the decades of audio it quietly ingested.