On 1 April, 2017, someone used an exploit in 8chan's software to gain access to the server, used it to delete the database and take the site down, and later leaked a lot of data copied from the server. Among other things, this revealed the existence of Sunshine.

Sunshine was a system that (unsuccessfully) indefinitely stored the IP addresses of posts. For each post, a copy of the post together with its IP address was encrypted and inserted into a table. The entries could only be decrypted using a private key stored on a different computer. This was done in response to a law enforcement request for the IP address that posted a thread threatening a school shooting, which was received after the thread had already 404ed and the IP address had been deleted from the database. Sunshine was used successfully only once.

Because of the incomplete documentation of PHP's openssl_public_encrypt function, encryption of long posts failed, and they were not recorded. Sunshine never even worked properly.