Leaked code shows Suno used YouTube, Pond5 and Deezer data

Leaked source code shows Suno trained models on 113,879 hours from YouTube Music, 62,117 hours from Pond5 and 12,287 hours from Deezer and exposed internal logs.

Leaked source code and logs show Suno’s training pipelines included large volumes of audio from multiple commercial platforms and that the intrusion also captured internal records. The person claiming responsibility says they used malware called the Shai-Hulud worm to extract files dated 2023 and 2024.

The leaked files list precise ingestion totals: 113,879 hours from YouTube Music, 152,162 hours of tagged YouTube tracks, 62,117 hours from the stock library Pond5, 12,287 hours from Deezer and 17,615 hours labeled genius_hq. One internal YouTube Music ingestion log recorded 2,013,545 music clips. The code also documented a plan to download roughly 1 million hours of podcast audio via RSS feeds.

The person behind the leak claims to have copied source code and records tied to hundreds of thousands of customers, including email addresses, phone numbers and Stripe payment information. Suno disputes that sensitive personal information was compromised. The company described the exposure as “limited,” told regulators it identified the incident in November 2025 and said the material primarily involved outdated source code no longer in use. Suno informed regulators that individual customer notifications were not required under applicable privacy laws.

The leaked logs provide more specific, file-level tracking than Suno’s earlier public disclosures about training data. Under California law AB 2013, the company had already disclosed that its training data may include music “subject to intellectual property protection” and had estimated a corpus of tens of millions of publicly available audio files; the leaked code adds detailed source counts and ingestion records.

The disclosure is relevant to ongoing litigation. Major-label plaintiffs amended a suit against Suno to allege copying from YouTube, and the newly revealed ingestion logs correspond to the sources cited in that litigation. A competing AI music company settled with a major label in November 2025 and shifted to a licensed model. Suno is valued at about $5.4 billion and reports roughly 100 million users.

The files describe automated scraping pipelines, tagging systems and datasets that span millions of recordings and decades of audio. The release has prompted renewed public and industry focus on how generative music models collect source material and on companies’ data security practices.

Suno did not immediately respond to requests for comment on the leaked files and the hacker’s claims.

The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.

Articles by this author