Suno leak exposes two million scraped tracks behind its AI music
Hacked Suno files reveal a training set built from YouTube Music, Deezer and Genius, with two million clips logged. For India's labels, the timing could not be sharper.
The News
Suno, the generative music startup whose app turns text prompts into finished songs, has had internal files exposed in a hack, and the documents lay bare how it assembled the datasets behind its models. According to The Verge, which reported on material obtained by 404 Media, the leaked files date from 2023 to 2024 and contain source code alongside scraping instructions.
Those instructions point to a wide sweep of online audio libraries: YouTube Music, Deezer, Genius, Pond5, Jamendo, Freesound and the International Music Score Library Project. One leaked file logged 2,013,545 YouTube Music clips consumed at the point it was last updated. The code reportedly shows Suno hunting for a cappella versions of tracks to isolate vocal-only audio, and leaning on a third-party firm, Bright Data, to pull material from YouTube.
The breach offers a rare view of a training set Suno has never published. It also arrives while the company defends itself against the Recording Industry Association of America, which alleges Suno bypassed YouTube's copyright safeguards through so-called stream ripping. Suno has conceded that it trained on copyrighted recordings but maintains the practice qualifies as fair use.
Why It Matters
Generative audio has been the quiet corner of the AI boom, overshadowed by chatbots and image tools, yet it raises the same unresolved question in sharper form: where does the training data come from, and who agreed to it? A leak that sets a precise figure, more than two million clips, against a named commercial scraper turns an abstract legal argument into an evidentiary one. Fair-use defences are far harder to sustain when the method of acquisition looks like deliberate circumvention rather than incidental collection.
The parallel is the industry's response to Napster at the turn of the century, when labels chose litigation over accommodation. The difference now is that the disputed value is not the file but the model trained on millions of them, an asset that survives even if every original track is deleted. That is why rights holders are pressing for disclosure of training data, and why a hack that supplies it involuntarily matters.
Indian Angle
India's recorded-music business is among the largest and most litigious in the world, and it is already inside a courtroom fight over exactly this issue. The Indian Music Industry body, which represents T-Series, Saregama and Sony Music, moved to intervene in the copyright case against OpenAI before the Delhi High Court, arguing that Indian creative works were ingested without licence. A leak of the Suno kind hands those labels the concrete method-of-acquisition detail their lawyers have struggled to obtain through discovery.
There is a commercial dimension too. Saregama sits on one of the deepest song catalogues on earth, and licensing that library to AI music firms is a plausible revenue line rather than a threat, provided the terms are set before the scraping happens. For domestic AI music startups, the Suno files are a cautionary template: an Indian firm scraping local repertoire without permission would face India's Copyright Act, 1957, with none of the fair-use latitude available in United States courts.
For MeitY and the courts, the episode strengthens the case for training-data transparency rules. If a hack is currently the only reliable way to learn what a model consumed, that is an argument for mandated disclosure, not against it.
FAQ
What exactly was exposed?
Internal Suno files from 2023 to 2024, including source code and scraping instructions, obtained by 404 Media through a hacking incident. They reveal the online libraries Suno drew from and the tools it used, including a logged count of 2,013,545 YouTube Music clips.
Which platforms were scraped?
The documents name YouTube Music, Deezer, Genius, Pond5, Jamendo, Freesound and the International Music Score Library Project. Suno reportedly used a third-party firm, Bright Data, to gather audio from YouTube, and searched for a cappella tracks to obtain vocal-only material.
Is Suno being sued?
Yes. The Recording Industry Association of America has sued Suno, alleging it circumvented YouTube's copyright protections through stream ripping. Suno has admitted training on copyrighted recordings but argues the use is protected as fair use, a defence the leak may complicate.
What does this mean for Indian music labels?
T-Series, Saregama and Sony Music, through the Indian Music Industry body, are already contesting AI training in the Delhi High Court. Concrete evidence of scraping methods strengthens their hand, while also underlining the case for licensing catalogues on agreed terms.
This story was reported by The Verge. Read the full original coverage at The Verge.