AI music firm Suno scraped Deezer and YouTube data, hack reveals
A major security breach at AI music generator Suno has exposed how the company scraped millions of songs from platforms including European streaming service Deezer to train its models, intensifying a legal battle that threatens the continent's creative economy.
AI music generator Suno suffered a major data breach in November 2025 that exposed both user payment details and the company's methods for acquiring training data. The hack revealed that the firm scraped millions of songs and lyrics from major streaming platforms, including European service Deezer, as well as YouTube and Genius.
Leaked data showed that Suno also harvested audio from stock music libraries like Pond 5, Jamendo, Freesound, and the International Music Score Library Project, alongside podcasts accessed via RSS feeds. The security incident additionally compromised Stripe payment information for hundreds of thousands of user accounts, highlighting severe privacy vulnerabilities in the platform's infrastructure.
Suno currently holds the position of the largest AI music generator on the market. Its production scale is staggering: by November last year, the platform was generating the equivalent of Spotify's entire music catalogue every single month. This rapid, machine-driven output poses a direct economic threat to traditional music markets, artists and rights holders across Europe who rely on streaming revenues.
Legal and economic fallout
The discovery of the scraping operation validates ongoing copyright lawsuits against Suno. The company initially denied using recorded sounds owned by artists and labels, but has since pivoted to a fair use defence that remains highly contested. For European platforms like Deezer, the unauthorised harvesting of their catalogues undermines the value of licensed content and sets a dangerous precedent for the digital creative economy.
A Suno representative defended the practice in a statement, saying: “As we have stated in public filings and disclosures, Suno’s AI models have been trained on publicly available music files and related metadata accessible on third-party websites on the open Internet." The company downplayed the security breach, claiming it "primarily involved outdated source code that is no longer in use at Suno."
Despite the legal pressures, Suno's leadership has maintained a provocative stance. Chief executive Mikey Shulman previously sparked industry outrage by claiming that the "majority of people don't enjoy the majority of the time they spend making music." As regulators and courts scrutinise AI training practices, Suno's exposed operations will likely serve as a focal point in the defining copyright battles of the generative era.