No we're all good there. They were not making any POST requests to try to exploit or break into anything at this time, so they can only see what the rest of the public can see on this website.
The only difference between a public visitor browsing around on the site and this bot net, is that they were able to read and most likely copy (because that's the whole point) a good chunk (maybe most) of the publicly viewable posts on this website in a matter of a couple days. I know from 4AM to 11PM yesterday, they read (and copied of course) over 500000 pages. Later on I'll go back to the 13th (looks to be when it started) to see what else. If I recall, the site has around 2000000 posts and there are more than 4 posts per page, but of course there are other things we can click on besides posts, such as users profiles and such.
They won't have anyone's passwords and can't read PM's and such, but if your profile picture shows up on a Chinese cereal box or in an AI video, we know who did it.
This all isn't anything particularly new. As we know, the public internet and social media is just that. Anything we post publicly can be read or recorded and used for beneficial things (like legit search engines) or others who benefit from it in self serving ways that are not helpful to us.
I should also add these ByteSpider / ByteDance bots are crawling virtually the entire public Internet. HBC was not specifically targeted. It just happens to be part of the public internet (at least the parts of it that are publicly visible)