Help with XSSI exploitation

I’ve been learning about the XSSI vulnerability type, and I think I might have found my first exploitable target. The actual exploitation is proving a bit difficult, though, especially since my Javascript knowledge is very limited.

I’ve found a JS file that leaks sensitive user data in a few variables. I included the file in <script> tags in a PoC html file. However, these variables are declared within an anonymous function, so they can’t be accessed via a simple console.log(var_name);

(function () {

  // (...)

  const data = {
    data1: 'PII',
    data2: 'secret token'

  // (...)


Is this exploitable? Can I somehow access this data via Javascript?

I am trying to crack it. I am almost there. Many variables are present there. I have used windows laptop to crack it. By doing do my windows taskbar won’t hide in fullscreen. Although it was already enabled. But you can access it via the above mentioned file.