The code also suggested that Suno was using proxies to scrape songs from YouTube through a company called Bright Data, which sells scraping tools, infrastructure, and data services. Additional code shows that with the help of an online tool called PodcastIndex, Suno identified 420,000 different podcasts that had at least five, 30-minute episodes and sought to download roughly 1 million hours of podcasts

The hacker, ellie.191, told 404 Media they breached the company by hacking an individual employee using the Shai-Hulud worm, a supply chain attack that allowed hackers to harvest GitHub and cloud service credentials. They said they also accessed Suno’s customer list, which included customers’ emails and/or phone numbers and Stripe payment details, depending on what they used to login. The hacker provided a sample of some of the customers, some of whom confirmed to 404 Media they had used their phone number to sign up for Suno and said they were never notified of a breach.

Last month, The Atlantic reported on several music databases that are widely used in AI training, consisting of millions of tracks: “Three of the datasets I found are distributed as a list of links to songs on YouTube or Spotify. AI developers download the actual audio using tools that automate the job, some of which allow developers to bypass logins, advertisements, and mechanisms that might earn money or subscribers for creators. Such tools violate the terms of service of these platforms.

Archive link: https://archive.ph/xX3XW

  • Solventbubbles@lemmy.world
    link
    fedilink
    English
    arrow-up
    11
    ·
    20 hours ago

    On one hand, I’m happy that an AI company got slapped on the wrist for this. On the other, I don’t give a shit about Google or Spotify.

    I hope all of these companies burn and all the money can go to the music artists.

    • unglueclass23@programming.devOP
      link
      fedilink
      English
      arrow-up
      20
      ·
      1 day ago

      Yeah it was funny to read :

      “Based on the limited nature of the customer information believed to be involved, we determined that individual notifications were not warranted under applicable privacy laws,” the Suno spokesperson added.

      But then (talking about the hacker):

      They said they also accessed Suno’s customer list, which included customers’ emails and/or phone numbers and Stripe payment details, depending on what they used to login. The hacker provided a sample of some of the customers, some of whom confirmed to 404 Media they had used their phone number to sign up for Suno and said they were never notified of a breach.

      I guess email address, phone and payment details don’t matter enough to notify people.

  • Mangoholic@lemmy.ml
    link
    fedilink
    English
    arrow-up
    2
    ·
    18 hours ago

    If music generated gets diffused out of training data, you could have a map of percantages which songs are used in the generation? We could then pay artist based on this percentage. They would also need to opt in ofc for this to be moral.

  • Grimy@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    2
    ·
    edit-2
    23 hours ago

    We must band together and protect the record companies! All music generation must go through Universal and Warner’s proprietary app. Death to training without paying the stockholders, death to open-source.

    All hail censorship, all hail Google.

  • eicker@lemmy.world
    link
    fedilink
    English
    arrow-up
    9
    arrow-down
    5
    ·
    edit-2
    1 day ago

    If the leak is authentic, it doesn’t just expose scraped data: it exposes trust. AI companies keep asking courts to accept »fair use« while telling the public as little as possible about their training data. Transparency shouldn’t arrive through a hack. It should have been there from the start. We really need open source AI beyond open weight models.

    • The Velour Fog @lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      3
      ·
      edit-2
      1 day ago

      Do you outsource your comments to an LLM? Got a lot of the hallmarks of AI writing here and in your previous comments.

      Edit: yeah I’m like 80% certain this is another automated LLM account. Their profile description reeks of it, and except for the first three comments, their comment length is consistent at all times, there is an overuse of colons and “it’s not X it’s Y” statements, and weird formatting choices across the board. This is pretty much a running advertisement for their AI consultant and news (?) platform.

      • eicker@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        6
        ·
        1 day ago

        So we’re reaching the stage where sounding consistent is treated as stronger evidence than being wrong? If every structured comment is dismissed as AI, discussion gets replaced by authorship detective work. Refute the points instead of running a literary CAPTCHA on every reply. Thanks!

          • dtrain@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            1
            ·
            24 hours ago

            A lot of their comments start with “Funny how…”

            Must have only sprung for Claude Haiku and not Sonnet. Lol