Technology
Danish Kapoor
Danish Kapoor

Cyber ​​attack reveals how Suno uses YouTube data

Artificial intelligence-supported music production platform Suno has become the center of controversy again with a new news published by 404 Media. According to the news, the company was the target of a cyber attack last year, and internal documents seized during the attack brought to the fore allegations that Suno collected extensive audio data from various digital music platforms in order to train its artificial intelligence model. The information in question also highlighted the ongoing legal process regarding the company’s copyrights.

According to the information in the news, the attacker took advantage of a supply chain attack in November and gained access to the credentials of one of Suno employees. It was claimed that thanks to this access, the company’s source codes were accessed and that there were records that purported to show that audio content spanning many years was collected from YouTube Music, Deezer, Genius, various stock music libraries and podcast RSS feeds.

Copyright discussions continue

In its previous statements, Suno admitted that it trained its artificial intelligence models with music files publicly accessible on the internet. The company argues that the “fair use” principle in US copyright law provides it with a legal basis in this context. However, this approach is not accepted by major rights holders in the music industry.

The major record companies filing lawsuits against Suno argue that the company not only violates copyright, but also that YouTube’s deliberate circumvention of technical measures to prevent data collection violates the US Digital Millennium Copyright Act (DMCA). In addition, it is stated that the application in question conflicts with YouTube’s terms of service.

Similar claims are not limited to Suno. Its rival Udio, which offers an artificial intelligence-based music production service, had also previously faced accusations that it collected data from YouTube. On the other hand, YouTube’s umbrella company, Google, is also facing legal proceedings in lawsuits filed by different publishing houses, due to allegations that it used copyrighted works without permission during the training of artificial intelligence systems. These developments show that global discussions on what data generative artificial intelligence models can be trained with continue.

Another striking detail in the news is that the attacker accessed not only the source codes but also some customer data. Allegedly; Customer e-mail addresses, phone numbers and some of the credit card information registered in the Stripe payment system were viewed during the attack. No confirmed information has been shared regarding whether full credit card information was compromised.

Suno, on the other hand, did not send any notification to its users regarding the security incident that was stated to have occurred in November 2025. The company describes the incident as a “limited security incident that was quickly brought under control.” Despite this, the new allegations indicate that discussions on both the protection of user data and the legal status of the content used in training artificial intelligence models will continue for a while.

TechGIndia is now on WhatsAppGet the best technology deals of the day and big news you shouldn’t miss, delivered to your phone.

Join Channel

Danish Kapoor