A scandal has erupted in the world of music technology that could overturn perceptions of artificial intelligence ethics. Suno, a leader in AI-generated music, has fallen victim to a massive cyberattack. However, the consequences of the hack proved far more damaging to the company's reputation than its security: hackers released internal documents evidencing the systematic use of copyrighted content to train algorithms.
How the hack happened
The attack on Suno's infrastructure was carried out using a worm virus. Intruders managed to penetrate the system through an employee's account. Gaining access to GitHub and cloud storage, hackers seized a significant array of data. Among the compromised information were details of hundreds of thousands of clients: email addresses, phone numbers, and partial bank card data linked to the Stripe payment system.
Particular public interest was sparked by access to the platform's outdated source code. It contained detailed descriptions of the tools the company used to collect data necessary for training its neural network.
Mass Content Collection: YouTube, Deezer, and Genius
Released documents confirm accusations previously leveled against Suno by major American record labels. According to the leak, the company used complex bypass technologies and proxy services to download millions of audio recordings. Specifically, this refers to a cappella versions of songs from the YouTube Music platform.
Furthermore, the startup conducted mass collection of song lyrics from the Genius database, as well as downloading audio materials from the streaming service Deezer and various stock libraries. To download hundreds of thousands of podcasts, the system utilized RSS feeds. These actions were aimed at creating an extensive database for training generative models.
Company Response and Legal Consequences
Suno representatives officially confirmed the cyberattack but labeled it a "limited security incident." The company claims the leak only affected outdated code and that clients' confidential payment information was not compromised. Management decided not to send individual notifications to users, deeming the volume of compromised data insufficient to warrant such measures.
Previously, Suno had admitted in court that its systems were trained on tens of millions of recordings found on the internet. The startup's lawyers insisted on the legality of such actions, citing the fair use doctrine. However, plaintiffs representing major labels note that intentionally bypassing YouTube's protection systems to download audio streams is a direct violation of the US Digital Millennium Copyright Act (DMCA) and the platform's own terms of service.
Currently, the leak provides rights holders with irrefutable evidence of the use of protected content, which could become a turning point in legal proceedings surrounding the ethics of AI-generated music.