Labels

Sarai Hannah Ajai's Suno / Quantaudio Studio OTP Verification Failure, Persistent Phone Login Lockout, Duplicate Google Account Creation, and Possible Unauthorized Account-Access Concern Pending Engineering Review

 Incident Report

Subject

Suno / Quantaudio Studio OTP Verification Failure, Persistent Phone Login Lockout, Duplicate Google Account Creation, and Possible Unauthorized Account-Access Concern Pending Engineering Review

Reporting Party

Name: Sarai Hannah Ajai
Business / Creative Identity: Founder and Owner, Quantaudio Studio
Suno Handle: @quantaudiostudio
Date of Incident: May 24, 2026
Platform Involved: Suno.com
Primary Login Methods Involved: Continue with Phone; Continue with Google
Phone Number: Phone number ending in 6195
Email Address: Gmail account on file with Suno correspondence and billing evidence
Subscription Evidence: Suno Pro invoices dated April 6, 2025 and May 6, 2026
Purpose of Report: Account-access documentation, evidence preservation, paid-account restoration, duplicate-account review, privacy protection, and engineering escalation.

I. Executive Summary

On May 24, 2026, I, Sarai Hannah Ajai, experienced a significant Suno account-access incident affecting my existing Quantaudio Studio account, identified publicly as @quantaudiostudio.

The incident began when I attempted to access Suno using the “Continue with Phone” authentication method. I entered the phone number associated with my Suno account, but the expected 6-digit OTP verification code was not successfully received or usable for login. After repeated attempts, Suno displayed an authentication failure page stating:

“Authentication Canceled”
“Too many requests. Please try again later.”

The failure prevented me from reliably accessing my existing Suno / Quantaudio Studio account and disrupted my ability to manage music-related creative work connected to Quantaudio Studio.

At first, the incident appeared to be a phone OTP delivery and rate-limit problem. However, the issue later expanded into a broader account-access and account-linking concern. Suno Support confirmed that it located my existing @quantaudiostudio account and stated that my Suno Pro Plan was active with a full 2,500 credits available through June 6. Despite that confirmation, I continued receiving the “Too many requests” error and remained unable to reliably access the original account.

Suno Support then escalated the matter to its engineering team to investigate whether there was a stuck rate limit affecting the account’s phone-login process. Suno also acknowledged that OTP codes not being delivered to my phone, even when the rate-limit message was not showing, was part of the engineering investigation.

Later the same day, I attempted to access Suno using “Continue with Google” with the same Gmail account associated with my Suno support correspondence and billing evidence. Instead of restoring access to my original@quantaudiostudio account, the Google login path appeared to create a new blank account. That new-account behavior was inconsistent with my original account history, which included prior songs, projects, profile activity, credits, subscription records, and paid Suno Pro invoices.

Because of this sequence of events, I am documenting this matter as a suspected account-authentication conflict, duplicate account creation, and possible unauthorized account-access concern pending Suno engineering confirmation. I am not stating as a final technical conclusion that the account was stolen. However, I am requesting that Suno preserve and review all account-authentication, account-linking, billing, login, and account-change records before any accounts are merged, closed, overwritten, modified, or reassigned.

II. Careful Updated Theory of the Incident

Based on the evidence currently available, the most supportable theory is as follows:

  1. My original Suno / Quantaudio Studio account exists under the handle @quantaudiostudio.
  2. The original account appears to have been associated with phone-based authentication.
  3. The phone-login process began failing on May 24, 2026 due to OTP non-delivery, rate limiting, or a platform-side authentication state problem.
  4. Suno Support confirmed that the original account was located and that the Suno Pro subscription was active.
  5. Despite this confirmation, the phone-login path continued to fail or remained unstable.
  6. When I attempted to use Continue with Google, Suno appeared to create a separate blank account instead of linking me back to the original account.
  7. This creates a concern that Suno may now have at least two account records or login identities:
    • one original phone-authenticated account connected to @quantaudiostudio; and
    • one newer Google-authenticated blank account created during the May 24, 2026 access problem.
  8. The situation may be caused by a technical account-linking issue, stuck rate-limit condition, OTP delivery problem, session/cookie conflict, authentication-provider mismatch, or other platform-side account-mapping error.
  9. A possible unauthorized account-access issue cannot be ruled out unless Suno confirms that no unauthorized login methods, account identifiers, phone numbers, billing records, account ownership records, songs, credits, or profile settings were changed.

The careful position is therefore:

This is a documented Suno account-access disruption involving OTP failure, persistent rate-limit messaging, duplicate Google-account creation, and possible unauthorized account-access concern pending Suno engineering confirmation.

III. Background and Account Context

I am the founder and owner of Quantaudio Studio. I use Suno for music-related creative production and management connected to Quantaudio Studio.

My original Suno account is publicly identified as:

@quantaudiostudio

The uploaded Suno profile screenshot shows the public-facing Quantaudio Studio profile with existing songs, visible account activity, followers, and creative content. This supports that the account was not new or blank before the incident.

My billing evidence includes Suno Pro invoices dated April 6, 2025 and May 6, 2026. These invoices support that I had paid Suno Pro subscription history before the May 24, 2026 login problem. These invoices should be preserved as billing-history evidence, but personal residential address details should be redacted before broader disclosure.

Before this incident, I had successfully received Suno OTP verification messages through the Messages app. The uploaded Messages screenshot shows multiple prior Suno verification-code texts. This supports that Suno OTP delivery had previously worked for the phone number associated with the account.

IV. Incident Timeline

A. Prior Suno OTP Delivery

Before the May 24, 2026 login incident, Suno OTP texts were reaching my phone. The uploaded Messages screenshot shows prior Suno verification messages across multiple dates, including a recent message from the prior evening.

This evidence is important because it shows that the phone number had previously received Suno verification codes. The later failure appears to represent a change in authentication behavior, SMS/RCS delivery, rate-limit status, or account-login routing that requires Suno engineering review.

Security note: The actual OTP numbers should be treated as sensitive authentication evidence and should be redacted before the screenshot is shared outside a secure support, legal, or investigative channel.

B. Failed “Continue with Phone” Attempt

Date: May 24, 2026
Approximate Time Reflected in Screenshot: 2:36 PM
Login Method: Continue with Phone
Observed Error: “Too many requests. Please try again later.”

On May 24, 2026, I attempted to log in to Suno.com using the “Continue with Phone” option. I entered the phone number associated with my account.

Instead of receiving a usable OTP verification code and completing login, Suno displayed an authentication error page. The page stated:

“Authentication Canceled”
“Too many requests. Please try again later.”

This blocked access to my Suno account and disrupted my Quantaudio Studio music-related work.

C. Initial Complaint Sent to Suno Support

Date: May 24, 2026
Approximate Time: 2:41 PM
Recipient: Suno Support / Account Access Team

After the failed phone-login attempt, I contacted Suno Support. I explained that I attempted to log in using Continue with Phone, did not receive the required 6-digit OTP verification code through my Messages app, and then received the “Authentication Canceled” and “Too many requests” messages.

I requested that Suno investigate:

  1. why the OTP code was not being delivered;
  2. whether Suno’s SMS / OTP provider was delaying or failing delivery;
  3. whether my phone login had been temporarily rate-limited;
  4. whether the restriction could be reset; and
  5. whether Suno could provide a secure alternative account-verification method.

I also stated that I did not want my Suno account connected to, associated with, or verified through my personal residential address. I requested that any verification be limited to secure account credentials, phone verification, email verification, approved social login, or another privacy-respecting method.

D. Suno Support’s First Response

Date: May 24, 2026
Approximate Time: 2:43 PM

Suno Support responded that the “Too many requests” error typically occurs when too many OTP requests are made within a short time window. Suno stated that this condition is usually temporary and should reset within approximately 30–60 minutes.

Suno also stated that because the account was tied to a phone number rather than an email address, Support could not initially locate the account using the email address from which I wrote. Suno requested identifying information, including my Suno handle, phone number, or a link to a song.

Suno also responded to my privacy concern and stated that Suno does not use or require a residential address for account verification. Suno stated that account authentication is handled through phone OTP or social login methods such as Google, Apple, or Microsoft.

E. Account Identification Provided

After waiting, I was briefly able to request a new code and log in. I then responded to Suno Support and provided identifying information for account lookup.

The information provided included:

  1. Suno Handle: @quantaudiostudio.
  2. Phone Number: phone number ending in **95.
  3. Song Reference: City on a Hill | Instrumental | Light in the Lord | Session II.
  4. Account Creation Context: I stated that I originally created the Suno account on or about April 6, 2025 and associated it with the Gmail account used for support and billing evidence.

This information was provided so Suno could locate the correct original account rather than treating the issue as a new-user login problem.

F. Suno Located the Original Account and Confirmed Pro Plan Status

Date: May 24, 2026
Approximate Time: 2:52 PM

Suno Support responded that it had located the account:

@quantaudiostudio

Suno Support stated that everything looked good on Suno’s end and that my Pro Plan was active with a full 2,500 credits available through June 6.

This confirmation is legally and technically significant because it supports that the original account still existed in Suno’s system at the time of the incident. It also supports that the account had active paid subscription status and credits.

G. Continued Lockout After Temporary Access

Date: May 24, 2026
Approximate Time: 2:59 PM

After Suno stated that the account was located and the Pro Plan was active, I continued experiencing access failure. I reported to Suno Support that I was still locked out and that I continued receiving:

“Too many requests. Please try again later.”

This showed that the earlier temporary access did not fully resolve the problem and that the phone-login restriction or OTP process remained unstable.

H. Suno Engineering Escalation

Date: May 24, 2026
Approximate Time: 3:02 PM

Suno Support responded that because the “Too many requests” error was persisting longer than expected, the issue had been escalated to Suno’s engineering team.

Suno stated that engineering would investigate whether there was a stuck rate limit on the account’s phone-login process.

Suno also suggested trying a different browser or device, clearing cookies/cache, or using a private/incognito browser window to rule out local session issues.

I. Continued OTP Non-Delivery

Date: May 24, 2026
Approximate Time: 3:04 PM to 3:06 PM

I then reported that after the OTP expired and I requested Continue with Phone again, I was not receiving the Suno 6-digit OTP code.

Suno Support responded that the OTP non-delivery issue had already been flagged with engineering and that the fact OTP codes were not being delivered to my phone, even when the rate-limit error was not showing, was part of the engineering investigation.

This response is significant because it confirms that the issue involved more than ordinary user retry behavior. Suno acknowledged both the persistent rate-limit problem and the OTP delivery issue as matters requiring engineering review.

J. Continue with Google Created a New Blank Account

Date: May 24, 2026
Approximate Time: 4:05 PM and later

Later on May 24, 2026, I attempted to access Suno using Continue with Google with the same Gmail account used for Suno support correspondence and billing evidence.

Instead of restoring access to my original @quantaudiostudio account, Suno appeared to create a new blank account. This account did not show my previous songs, projects, credits, subscription history, or account data.

This was inconsistent with:

  1. my existing @quantaudiostudio profile;
  2. Suno Support’s confirmation that @quantaudiostudio was located;
  3. the active Pro Plan confirmation;
  4. prior Suno Pro invoices; and
  5. my established Quantaudio Studio music history.

The new-account welcome email titled “Welcome to Suno! Your first song is waiting” supports that Suno treated the Google login as a new-account path rather than restoring my original account.

K. Billing Evidence Sent to Suno

Date: May 24, 2026
Approximate Time: 5:42 PM

I then sent Suno Support additional evidence explaining that I originally created the Suno / Quantaudio Studio account on or about April 6, 2025 using phone authentication and that the Gmail account used for support and billing evidence was connected to my paid Suno Pro subscription history.

I attached invoices dated:

  1. April 6, 2025
  2. May 6, 2026

I explained that these invoices show paid subscription history and existing account history before the May 24, 2026 login issue.

I requested that Suno help recover the original account or merge the duplicate accounts so that my original songs, projects, subscription status, billing history, credits, and account data would be restored correctly.

V. Evidence Summary

Exhibit A — Authentication Canceled / Too Many Requests Screenshot Suno / Quantaudio Studio OTP Verification Failure, Persistent Phone Login Lockout

This screenshot shows the Suno authentication page displaying:

“Authentication Canceled”
“Too many requests. Please try again later.”

This exhibit supports that the phone-login flow was blocked by an authentication or rate-limit state at the time of attempted access.

Exhibit B — Messages App Suno OTP Thread

This screenshot shows that Suno OTP verification messages had previously reached my Messages app. This supports that Suno OTP delivery had worked before the later non-delivery and rate-limit problem.

Security note: All visible OTP numbers should be redacted before the screenshot is distributed outside a secure support, legal, or investigative channel.

Exhibit C — Suno Support Email Thread

The Suno Support email thread is central evidence because it documents:

  1. my initial complaint;
  2. Suno’s explanation of the temporary rate-limit condition;
  3. Suno’s request for account-identifying information;
  4. Suno’s statement that it does not use residential address verification;
  5. Suno’s confirmation that @quantaudiostudio was located;
  6. Suno’s confirmation that the Pro Plan was active with 2,500 credits through June 6;
  7. my continued report of lockout;
  8. Suno’s engineering escalation for a possible stuck phone-login rate limit;
  9. Suno’s acknowledgment that OTP non-delivery was part of the engineering review;
  10. my report that Continue with Google created a new blank account; and
  11. my request for recovery or merger of the duplicate account.

Exhibit D — Gmail Welcome Email

The Gmail screenshot titled “Welcome to Suno! Your first song is waiting” is relevant because it appears to show new-account onboarding activity after the Google login attempt.

This supports my concern that the Google login path may have created a separate blank account rather than restoring access to the original account.

Exhibit E — April 6, 2025 Suno Pro Invoice

The April 6, 2025 invoice supports that Suno Pro billing existed before the May 24, 2026 login issue. This is relevant to the account-history and paid-subscription continuity.

Privacy note: The residential address shown on the invoice should be redacted before broader disclosure.

Exhibit F — May 6, 2026 Suno Pro Invoice

The May 6, 2026 invoice supports continued paid Suno Pro subscription activity near the time of the May 24, 2026 login incident.

Privacy note: The residential address shown on the invoice should be redacted before broader disclosure.

Exhibit G — @quantaudiostudio Profile Screenshot

The @quantaudiostudio profile screenshot supports that the original account existed, contained creative content, and was not a blank account.

This exhibit is important because the later Google-created account appeared blank, which suggests an account-linking or duplicate-account problem.

VI. Technical Account-Access Concerns

This incident raises several technical concerns that require Suno engineering review.

1. Persistent Rate-Limit Concern

Suno stated that the “Too many requests” condition usually resets within 30–60 minutes. However, I continued receiving the error after Suno had already located the original account and confirmed the Pro Plan was active.

This suggests the possibility of a stuck or repeated rate-limit state affecting phone login.

2. OTP Delivery Concern

Suno OTP messages had previously reached my phone. Later, after the phone-login issue began, I did not receive usable OTP codes.

This raises the question of whether OTP messages were:

  1. generated but not delivered;
  2. generated but delayed;
  3. blocked by rate-limit logic;
  4. blocked by carrier/SMS/RCS routing;
  5. affected by a local device or Messages setting; or
  6. not generated by Suno due to authentication-state errors.

3. Phone Login and Google Login Account-Mapping Concern

The most serious technical concern is that Continue with Phone appeared connected to the original @quantaudiostudio account, while Continue with Google appeared to create a new blank account.

This suggests a possible account-mapping separation between:

  1. the original phone-authenticated account; and
  2. the newer Google-authenticated account.

Suno should confirm whether both login methods point to the same account record or whether separate account records now exist.

4. Duplicate Account Concern

If a duplicate Google-created account exists, it could affect:

  1. account recovery;
  2. billing records;
  3. credits;
  4. subscription access;
  5. song-library access;
  6. profile identity;
  7. support review;
  8. account ownership verification; and
  9. future login stability.

Suno should not close, modify, merge, or overwrite any related account until it confirms which account is the original account and which account is the duplicate.

5. Possible Unauthorized Account-Access Concern

At this time, I cannot prove that my original account was stolen. However, the possibility of unauthorized account interference cannot be fully ruled out until Suno confirms whether:

  1. the phone number was changed;
  2. the email address was changed;
  3. a Google, Apple, Microsoft, or other social-login method was added or modified;
  4. the account handle was changed;
  5. songs, projects, credits, billing data, or subscription records were moved or detached;
  6. login occurred from unknown devices, IP addresses, or locations;
  7. account ownership records changed;
  8. support or engineering records show account merge, split, migration, or duplication events; or
  9. any account-access tokens, sessions, or identity-provider links were modified without my authorization.

The current evidence supports a serious account-access and account-linking concern. A theft conclusion should remain pending unless Suno engineering confirms unauthorized access, ownership changes, or account-data movement.

VII. Account Ownership and Billing Continuity

The account-access issue should not be treated as a simple new-user login problem.

The evidence supports that:

  1. @quantaudiostudio existed before the May 24, 2026 login problem.
  2. Suno Support located the account internally.
  3. Suno Support confirmed the Pro Plan was active.
  4. Suno Support confirmed available credits through June 6.
  5. Suno Pro billing invoices exist for April 6, 2025 and May 6, 2026.
  6. The new Google-based account appeared blank and lacked the original account history.

This evidence supports the need for Suno to preserve account continuity, subscription continuity, credit continuity, song-library continuity, and billing-history continuity.

VIII. Privacy Concern

I previously raised a concern that I did not want my Suno account connected to or verified through my personal residential address.

Suno Support stated that Suno does not use or require residential address verification and that authentication is handled through phone OTP or social login methods. That statement should remain part of the record.

The invoices contain personal billing address information. Those invoices should be used only as secure billing-history evidence and should be redacted before any public, general, or non-secure use.

IX. Impact on Reporting Party

This incident caused distress, confusion, and interruption of my Quantaudio Studio work.

The primary impact was loss of reliable access to an existing creative-production account connected to my music, songs, profile identity, subscription, credits, and billing records.

The incident also caused concern that my original account identity, login method, billing identity, or account access path may have been separated, altered, or interfered with.

Because Quantaudio Studio is my business and creative identity, access to the @quantaudiostudio account is important for continuity of ownership, creative control, account records, subscription history, and public-facing music identity.

X. Legal Significance and Potentially Relevant Frameworks

This section is not a final legal conclusion. It identifies legal frameworks that may become relevant only if later platform records, billing records, engineering logs, or account-access evidence confirm unauthorized access, improper account-data movement, account takeover, or other unlawful conduct.

1. Computer Fraud and Abuse Act — 18 U.S.C. § 1030

The Computer Fraud and Abuse Act addresses certain unauthorized-access activity involving protected computers and computer systems. If later evidence shows unauthorized access to my Suno account, login sessions, account records, or platform-stored content, this statute may become relevant for legal review. (U.S. Code)

2. Stored Communications Act — 18 U.S.C. § 2701

The Stored Communications Act addresses unauthorized access to facilities through which electronic communication services are provided where the conduct obtains, alters, or prevents authorized access to electronic communications in electronic storage. If later evidence shows unauthorized access to stored account communications or platform account records, this framework may be relevant. (U.S. Code)

3. Access Device Fraud — 18 U.S.C. § 1029

Access-device law may become relevant if later evidence shows misuse of credentials, authentication methods, billing access, subscription access, or account-access mechanisms with fraudulent intent. (Legal Information Institute)

4. Consumer Account and Identity-Theft Reporting

If Suno or another source confirms that someone used my information to create, access, alter, or control an account without authorization, the FTC’s identity-theft recovery process may become relevant. The FTC directs consumers to IdentityTheft.gov when someone uses their information to open a new account or make a purchase. (ReportFraud.ftc.gov)

Again, this report does not state as a final conclusion that identity theft occurred. It preserves the issue for review if Suno’s records later confirm unauthorized activity.

XI. Requested Corrective Action to Suno

I request that Suno take the following corrective actions:

  1. Confirm the correct original account record for @quantaudiostudio.
  2. Confirm whether the phone number ending in **95 remains linked to the original account.
  3. Confirm whether the Gmail account used for billing and support correspondence is linked to the original account, the duplicate Google-created account, or both.
  4. Confirm whether Continue with Google created a separate blank account on May 24, 2026.
  5. Identify which account is the original account and which account, if any, is a duplicate.
  6. Confirm whether the original account’s songs, projects, credits, profile, subscription, and billing history remain intact.
  7. Confirm whether any account ownership records, phone numbers, emails, social-login methods, account identifiers, or billing identifiers were changed without my authorization.
  8. Confirm whether the “Too many requests” phone-login condition became stuck beyond the ordinary reset period.
  9. Review OTP generation and delivery logs for May 24, 2026.
  10. Confirm whether OTP codes were generated, delayed, blocked, rate-limited, or not generated.
  11. Confirm whether any suspicious login attempts, device sessions, IP addresses, account-linking changes, or account-recovery actions occurred.
  12. Preserve all original account records before performing any merge, closure, reassignment, or correction.
  13. Restore my original account access without losing songs, projects, credits, subscription history, billing history, or account data.
  14. Provide a secure alternate verification method if phone OTP remains unstable.
  15. Confirm in writing that residential address information is not required or used for account verification.

XII. Evidence Preservation Request

I request preservation of all records related to this incident, including:

  1. Suno login attempts on May 24, 2026.
  2. Phone OTP request logs.
  3. OTP generation logs.
  4. OTP delivery-provider logs.
  5. Rate-limit records for the phone number ending in **95.
  6. Authentication-session records for Continue with Phone.
  7. Authentication-session records for Continue with Google.
  8. Account-linking records between phone login, Google login, email, billing profile, and @quantaudiostudio.
  9. Any Google-created account record generated on May 24, 2026.
  10. Account creation records for the original @quantaudiostudio account.
  11. Billing records connected to the April 6, 2025 and May 6, 2026 Suno Pro invoices.
  12. Credit-balance records showing the 2,500-credit status through June 6.
  13. Song-library records, project records, and public-profile records for @quantaudiostudio.
  14. Account-change logs for phone number, email address, social-login providers, billing information, handle, profile data, and subscription status.
  15. Support-ticket records and engineering escalation notes.
  16. Any security, abuse, suspicious-login, account-recovery, or account-merge records connected to the account.

XIII. Redaction and Privacy Notice

Before this report or its exhibits are submitted outside a secure support, legal, regulatory, or investigative channel, the following should be redacted:

  1. Full phone number, except the last four digits.
  2. Full Gmail address, unless needed for secure account recovery.
  3. Residential address on invoices.
  4. All OTP codes.
  5. Any trace ID, session ID, token, URL parameter, or authentication metadata.
  6. Any unrelated personal messages visible in screenshots.
  7. Any payment-method information.
  8. Any unrelated private account information.

The public-facing account identity @quantaudiostudio may remain visible because it is relevant to account ownership and recovery.

XIV. Formal Statement

I, Sarai Hannah Ajai, state that on May 24, 2026, I attempted to access my existing Suno / Quantaudio Studio account using Continue with Phone. The phone-login process failed, and Suno displayed an authentication page stating “Authentication Canceled” and “Too many requests. Please try again later.”

I preserved screenshots showing the failed authentication state, prior Suno OTP text-message delivery, the @quantaudiostudio profile, a later new-account welcome email, and Suno Pro billing invoices. I also preserved the Suno Support email thread showing that Suno initially described the issue as a rate-limit condition, later located my @quantaudiostudio account, confirmed my Pro Plan was active, and escalated the continuing phone-login and OTP non-delivery issue to engineering.

I further state that when I later attempted to use Continue with Google with the same Gmail account used in connection with Suno support correspondence and billing evidence, Suno appeared to create a new blank account instead of restoring access to my original @quantaudiostudio account.

I am not stating as a final technical conclusion that the account was stolen. However, I am documenting a serious account-access disruption, duplicate-account creation concern, and possible unauthorized account-access concern pending Suno engineering confirmation.

I request that Suno preserve all account records, confirm the correct original account identity, determine whether a duplicate Google-created account exists, review all authentication and account-linking records, and restore my original songs, projects, credits, subscription status, billing history, and account data without loss or misassignment.

Respectfully submitted,
Sarai Hannah Ajai
Founder / Owner, Quantaudio Studio
Date: May 24, 2026


   

   

    

  

  














Labels:

Comments

Post a Comment