The code also suggested that Suno was using proxies to scrape songs from YouTube through a company called Bright Data, which sells scraping tools, infrastructure, and data services. Additional code shows that with the help of an online tool called PodcastIndex, Suno identified 420,000 different podcasts that had at least five, 30-minute episodes and sought to download roughly 1 million hours of podcasts

The hacker, ellie.191, told 404 Media they breached the company by hacking an individual employee using the Shai-Hulud worm, a supply chain attack that allowed hackers to harvest GitHub and cloud service credentials. They said they also accessed Suno’s customer list, which included customers’ emails and/or phone numbers and Stripe payment details, depending on what they used to login. The hacker provided a sample of some of the customers, some of whom confirmed to 404 Media they had used their phone number to sign up for Suno and said they were never notified of a breach.

Last month, The Atlantic reported on several music databases that are widely used in AI training, consisting of millions of tracks: “Three of the datasets I found are distributed as a list of links to songs on YouTube or Spotify. AI developers download the actual audio using tools that automate the job, some of which allow developers to bypass logins, advertisements, and mechanisms that might earn money or subscribers for creators. Such tools violate the terms of service of these platforms.

Archive link: https://archive.ph/xX3XW

  • Crozekiel@lemmy.zip
    link
    fedilink
    English
    arrow-up
    2
    ·
    3 hours ago

    I guess I missed the part where Google and Spotify won a lawsuit about this?

    The only lawsuits I have seen have been from record labels or the RIAA, which, you know, also suck, but are still at least (in theory) representing the artists.

    • Solventbubbles@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      3 hours ago

      Ahhhhhh for sure for sure. I missread the article. I thought the lawsuits were from spotify/Google/deezer. My bad.

      Either way, I’m in the camp of “let them all destroy eachother…”