Suno snatched millions of songs from YouTube, Genius, and Deezer

Suno snatched millions of songs from YouTube, Genius, and Deezer

Suno 从 YouTube、Genius 和 Deezer 窃取了数百万首歌曲

Hacked files reportedly show that Suno ripped decades of audio from protected platforms. 据报道,被黑客窃取的文件显示,Suno 从受保护的平台中抓取了长达数十年的音频内容。

Suno data obtained in a hacking incident has exposed that the AI music generator was trained by scraping millions of songs and lyrics from online audio platforms, including YouTube Music, Deezer, and Genius, 404 Media reports. Given that Suno has avoided revealing what’s in its training datasets and how they were acquired, this is a rare glimpse into what Suno has actually been taking from online platforms. 据 404 Media 报道,在一次黑客攻击事件中获取的 Suno 数据显示,该 AI 音乐生成器是通过从 YouTube Music、Deezer 和 Genius 等在线音频平台抓取数百万首歌曲和歌词进行训练的。鉴于 Suno 一直避免透露其训练数据集的内容及获取方式,这让我们难得地窥见了 Suno 实际上从在线平台获取了哪些资源。

That’s relevant because Suno has been the subject of several lawsuits that allege it used copyrighted materials to train its AI models. In a notable case filed by the Recording Industry Association of America (RIAA), Suno openly admitted that it does so, arguing that training on copyrighted materials and publicly available music files from the open internet is legally permitted under fair use doctrine. Whether or not a court agrees with that, an amendment filed by the RIAA last year also alleges that Suno unlawfully circumvented YouTube’s copyright protections by intentionally “stream ripping” tracks from the platform. 这一点至关重要,因为 Suno 正面临多起诉讼,指控其使用受版权保护的材料来训练其 AI 模型。在美国唱片业协会 (RIAA) 提起的一起著名案件中,Suno 公开承认了这一点,并辩称在受版权保护的材料和互联网上公开可用的音乐文件上进行训练,在“合理使用”原则下是合法的。无论法院是否认同这一观点,RIAA 去年提交的一份修正案还指控 Suno 通过故意从 YouTube 平台“流媒体翻录”(stream ripping) 曲目,非法规避了该平台的版权保护措施。

Materials shared with 404 Media by the hacker, referred to as “ellie.191,” reportedly back up those allegations. The data includes Suno source code from 2023 and 2024, alongside scraping instructions to pull audio files from YouTube Music, Deezer, Genius, Pond5, Jamendo, Freesound, and the International Music Score Library Project (IMSLP). Other leaked code reportedly suggests that Suno used a third-party company called Bright Data to scrape music from YouTube, and seemingly searched for a cappella versions of songs on the platform to source vocal-only audio. 据称,黑客“ellie.191”与 404 Media 分享的材料证实了这些指控。这些数据包括 Suno 2023 年和 2024 年的源代码,以及从 YouTube Music、Deezer、Genius、Pond5、Jamendo、Freesound 和国际乐谱库项目 (IMSLP) 中提取音频文件的抓取指令。其他泄露的代码显示,Suno 曾使用一家名为 Bright Data 的第三方公司从 YouTube 抓取音乐,并似乎在平台上搜索歌曲的无伴奏合唱版本,以获取纯人声音频。

A file for YouTube Music notes that Suno had consumed 2,013,545 YouTube Music clips at the point it was last updated. According to another file, datasets compiled by Suno included hundreds of thousands of hours of YouTube Music, thousands of hours of Deezer, Genius, IMSLP, Jamendo, and Pond5, and hundreds of hours of Freesound and MuseScore lyrics. Suno also sought to download roughly one million hours of podcasts via an online tool called PodcastIndex, according to additional code. 一份关于 YouTube Music 的文件指出,截至上次更新时,Suno 已经消耗了 2,013,545 个 YouTube Music 剪辑。根据另一份文件,Suno 汇编的数据集包括数十万小时的 YouTube Music 内容,数千小时的 Deezer、Genius、IMSLP、Jamendo 和 Pond5 内容,以及数百小时的 Freesound 和 MuseScore 歌词。根据其他代码显示,Suno 还试图通过一个名为 PodcastIndex 的在线工具下载约一百万小时的播客。

“As we have stated in public filings and disclosures, Suno’s AI models have been trained on publicly available music files and related metadata accessible on third-party websites on the open Internet,” an unnamed Suno spokesperson said in a statement to 404 Media. Suno 的一位匿名发言人在给 404 Media 的声明中表示:“正如我们在公开文件和披露中所述,Suno 的 AI 模型是在开放互联网上第三方网站可访问的公开音乐文件及相关元数据的基础上进行训练的。”

Suno customer information was also accessed by the hacker, which included email addresses, phone numbers, and Stripe payment details. Some of the customers contacted by 404 Media confirmed that they had signed up for the service, and said that Suno never notified them about a security breach. 黑客还获取了 Suno 的客户信息,其中包括电子邮件地址、电话号码和 Stripe 支付详情。一些被 404 Media 联系到的客户证实他们曾注册过该服务,并表示 Suno 从未通知过他们发生了安全漏洞。

In a statement to 404 Media, a Suno spokesperson said the company became aware of a security incident in November 2025, and that the situation was quickly contained. 在给 404 Media 的声明中,Suno 发言人表示,公司在 2025 年 11 月获悉了一起安全事件,并称该情况已得到迅速控制。

“At the time, we immediately conducted an investigation and verified that the incident primarily involved outdated source code that is no longer in use at Suno and that no sensitive personal information was compromised. Importantly, Suno does not have access to customers’ full credit card numbers in Stripe,” the Suno spokesperson said. “Based on the limited nature of the customer information believed to be involved, we determined that individual notifications were not warranted under applicable privacy laws.” Suno 发言人表示:“当时,我们立即进行了调查,并核实该事件主要涉及 Suno 已不再使用的过时源代码,没有敏感的个人信息遭到泄露。重要的是,Suno 无法在 Stripe 中获取客户的完整信用卡号。基于所涉及客户信息的有限性,我们认定根据适用的隐私法,无需进行个人通知。”