The code also suggested that Suno was using proxies to scrape songs from YouTube through a company called Bright Data, which sells scraping tools, infrastructure, and data services. Additional code shows that with the help of an online tool called PodcastIndex, Suno identified 420,000 different podcasts that had at least five, 30-minute episodes and sought to download roughly 1 million hours of podcasts

The hacker, ellie.191, told 404 Media they breached the company by hacking an individual employee using the Shai-Hulud worm, a supply chain attack that allowed hackers to harvest GitHub and cloud service credentials. They said they also accessed Suno’s customer list, which included customers’ emails and/or phone numbers and Stripe payment details, depending on what they used to login. The hacker provided a sample of some of the customers, some of whom confirmed to 404 Media they had used their phone number to sign up for Suno and said they were never notified of a breach.

Last month, The Atlantic reported on several music databases that are widely used in AI training, consisting of millions of tracks: “Three of the datasets I found are distributed as a list of links to songs on YouTube or Spotify. AI developers download the actual audio using tools that automate the job, some of which allow developers to bypass logins, advertisements, and mechanisms that might earn money or subscribers for creators. Such tools violate the terms of service of these platforms.

Archive link: https://archive.ph/xX3XW

  • Solventbubbles@lemmy.world
    link
    fedilink
    English
    arrow-up
    11
    ·
    8 hours ago

    On one hand, I’m happy that an AI company got slapped on the wrist for this. On the other, I don’t give a shit about Google or Spotify.

    I hope all of these companies burn and all the money can go to the music artists.

    • Crozekiel@lemmy.zip
      link
      fedilink
      English
      arrow-up
      5
      ·
      3 hours ago

      I mean, it isn’t like Google or Spotify created the media that was scraped… They are just the hosts.

      • Solventbubbles@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        3 hours ago

        But that’s exactly my point. Spotify and Google aren’t going to pass these lawsuit winnings off to the artists. They’re going to keep it for themselves and pat themselves on the back like they did a good job of stopping the AI company from stealing.

        • Crozekiel@lemmy.zip
          link
          fedilink
          English
          arrow-up
          2
          ·
          3 hours ago

          I guess I missed the part where Google and Spotify won a lawsuit about this?

          The only lawsuits I have seen have been from record labels or the RIAA, which, you know, also suck, but are still at least (in theory) representing the artists.

          • Solventbubbles@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            3 hours ago

            Ahhhhhh for sure for sure. I missread the article. I thought the lawsuits were from spotify/Google/deezer. My bad.

            Either way, I’m in the camp of “let them all destroy eachother…”

  • Mangoholic@lemmy.ml
    link
    fedilink
    English
    arrow-up
    3
    ·
    5 hours ago

    If music generated gets diffused out of training data, you could have a map of percantages which songs are used in the generation? We could then pay artist based on this percentage. They would also need to opt in ofc for this to be moral.

  • artyom@piefed.social
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    2
    ·
    7 hours ago

    Hack reveals what everyone already knew and the govt has already decided is totally ok.

    • unglueclass23@programming.devOP
      link
      fedilink
      English
      arrow-up
      34
      ·
      14 hours ago

      Yeah it was funny to read :

      “Based on the limited nature of the customer information believed to be involved, we determined that individual notifications were not warranted under applicable privacy laws,” the Suno spokesperson added.

      But then (talking about the hacker):

      They said they also accessed Suno’s customer list, which included customers’ emails and/or phone numbers and Stripe payment details, depending on what they used to login. The hacker provided a sample of some of the customers, some of whom confirmed to 404 Media they had used their phone number to sign up for Suno and said they were never notified of a breach.

      I guess email address, phone and payment details don’t matter enough to notify people.

  • Grimy@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    4
    ·
    10 hours ago

    We must band together and protect the record companies! All music generation must go through Universal and Warner’s proprietary app. Death to training without paying the stockholders, death to open-source.

    All hail censorship, all hail Google.

    • Telorand@reddthat.com
      link
      fedilink
      English
      arrow-up
      6
      ·
      6 hours ago

      I personally know indie musicians who are popular enough to have had their music scraped and used as training data, in part because they are forced to use platforms like Spotify, YouTube, etc. to eke out a living. And then people have had the audacity to present AI slop versions of music using their vocals to them, expecting them to be happy about it.

      Were they paid for their decades of work? No. Were they given the opportunity to opt out? No. This isn’t The Man trying to capitalize upon an open and equitable system. This is The Man stealing from the poors and each other, and pretending they didn’t (or worse, acting like their victimhood is somehow equal to everyone else’s).

      And to add even further insult to injury, these companies have tricked many of those same poors that these plagiarism engines are tools to “level the playing field” against people who have spent years honing their craft. Why, the very nerve of those people using their time to become experts! /s

      Death to training without paying the stockholders, death to open-source…

      Even better: how about death to training until you pay the original artists fairly and equitably, or allow them to opt out? AI should not be treated as some inevitable thief that we must all work around.

      • Grimy@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        6 hours ago

        Fair points but the current lawsuits arent there to solve any of them. The lawsuit against Udio essentially gave ownership of the app to UMG and Warner. No artists were payed. The app still exists, except you have to pay to download the song and they put extra copyrights on every song generated now.

        It’s insanely transparent imo, they want a monopoly on generated music as well as the regular stuff. I wish artists had a chance.

        Even worst is that UMG will probably start pushing AI music once the dust settles because there’s more profit in it, especially if they own it the moment it’s made and can dictate the terms with a simple ToS.

      • Grimy@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        5 hours ago

        All the current lawsuits kind of suck because its all copyright juggernaut vs big AI companies. It feels mostly lose lose for us but only one of the two outcomes kneecaps open source and community driven options.

        Another frustrating bit is that it’s win win for big AI. Even if they lose, it just means a cheap fine while getting a massive moat because of the new cost of entry.

  • ikt@aussie.zone
    link
    fedilink
    English
    arrow-up
    12
    ·
    15 hours ago

    Wasn’t this already known? Not the hack but the scraping? From Jan 2025:

    “Earlier this year it dawned on me that very little of what generative AI companies were non-consensually scraping off the internet was uncompressed or lossless, they scraped things like YouTube and Spotify and SoundCloud to make their data sets generate AI music.

    https://musictech.com/news/music/benn-jordan-detect-ai-music/

    • unglueclass23@programming.devOP
      link
      fedilink
      English
      arrow-up
      10
      ·
      15 hours ago

      Yeah.

      The lawsuits have made clear that Suno did train on huge amounts of copyrighted works, but the hacked data shared with 404 Media sheds more light on how Suno scraped songs from the internet and where it took them from.

  • eicker@lemmy.world
    link
    fedilink
    English
    arrow-up
    15
    arrow-down
    10
    ·
    edit-2
    14 hours ago

    If the leak is authentic, it doesn’t just expose scraped data: it exposes trust. AI companies keep asking courts to accept »fair use« while telling the public as little as possible about their training data. Transparency shouldn’t arrive through a hack. It should have been there from the start. We really need open source AI beyond open weight models.

    • The Velour Fog @lemmy.world
      link
      fedilink
      English
      arrow-up
      15
      arrow-down
      3
      ·
      edit-2
      13 hours ago

      Do you outsource your comments to an LLM? Got a lot of the hallmarks of AI writing here and in your previous comments.

      Edit: yeah I’m like 80% certain this is another automated LLM account. Their profile description reeks of it, and except for the first three comments, their comment length is consistent at all times, there is an overuse of colons and “it’s not X it’s Y” statements, and weird formatting choices across the board. This is pretty much a running advertisement for their AI consultant and news (?) platform.

      • edible_funk@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        5
        ·
        7 hours ago

        A shocking number of lemmings put their comments through an LLM before posting, and a lot of them comment on basically every rising thread too. You start to recognize recurring usernames before long. Lot of em use sockpuppets too since you’ll always see their comments with the same number of upvotes. I don’t think they realize up and down votes are public. Anyway, yeah like half the users here use a gpt for their comments.

      • eicker@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        10
        ·
        12 hours ago

        So we’re reaching the stage where sounding consistent is treated as stronger evidence than being wrong? If every structured comment is dismissed as AI, discussion gets replaced by authorship detective work. Refute the points instead of running a literary CAPTCHA on every reply. Thanks!

        • CovertOperative@piefed.zip
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          3 hours ago

          AI writing has a high consistency in form and no consistency in conviction. The way to recognize AI writing is to question the will behind the writing, because AI has none save for answering a prompt.

          Your business websites are a great example. You may have wanted them to be neutrally informative, instead they schizophrenically gush about contradictory digital philosophy standpoints without connecting to a big picture. There is no thinking mind behind it, just an answering machine.

          There are no points of yours to refute, because you did not make any, and AI cannot make any.

          • dtrain@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            arrow-down
            2
            ·
            11 hours ago

            A lot of their comments start with “Funny how…”

            Must have only sprung for Claude Haiku and not Sonnet. Lol