
I don't see any paragraph where they talk about whether/when/by whom the data was actually accessed. Granted I was only skimming. (Because I was looking for that.) But yeah if an IP address falls in the forest and no one is around to connect to it, does it make a sound?


There's likely no way to really know, in this kind of situation. There only would be if audit logs were created and then retained from the rsync server (unlikely to have been retained) or some device in front of it (unlikely to have been generated in a usable format). A large portion of breaches that occur are just like this... significant potential exposure, but actual exposure unknown.

That said, they located the open rsync server via Shodan, which is not exactly the elite tactics of the security world. Lots of people, both benevolent and malicious, watch Shodan queries for things like this and triage new findings. So it might be more appropriate to say "if an IP address falls in a forest that a lot of people are watching", but that rather tangles the metaphor. In my experience rsync probing is significantly rarer than SMB and NFS probing, so I'd hazard a guess that there are also fewer people watching Shodan for rsync than more commonly exposed file share protocols, but I'd wager that it's still more people than just this one research outfit.

The big impact of Shodan, as the best known large-scale internet scan and the only one I know of that exposes so much data to the public, is that things like a lone exposed service on a random IP can't comfortably be assumed to be obscure any more. Once Shodan sees it, anyone can know about it with trivial effort.
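
An added example, not part of the original thread: what retained rsync daemon logs, as mentioned in the comment above, would let a responder answer. It assumes the daemon wrote a log file with `transfer logging = yes` and the default log format; the log lines, addresses and the `summarize` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of an rsync daemon log (not from the incident discussed).
# Assumption: rsyncd.conf set "log file" and "transfer logging = yes", leaving the
# default transfer format "%o %h [%a] %m (%u) %f %l" after the "%t [%p] " prefix.
SAMPLE_LOG = """\
2024/03/02 04:11:09 [2214] connect from UNKNOWN (198.51.100.23)
2024/03/02 04:11:09 [2214] rsync on backups/ from UNKNOWN (198.51.100.23)
2024/03/02 04:11:10 [2214] send UNKNOWN [198.51.100.23] backups () db/users.sql 52428800
2024/03/02 04:11:31 [2214] send UNKNOWN [198.51.100.23] backups () db/orders.sql 1048576
2024/03/02 04:11:31 [2214] sent 53477521 bytes  received 88 bytes  total size 53477376
2024/03/05 17:40:02 [3381] connect from scanner.example (203.0.113.7)
2024/03/05 17:40:02 [3381] module-list request from scanner.example (203.0.113.7)
2024/03/06 09:00:00 [3502] connect from UNKNOWN (192.0.2.10)
2024/03/06 09:00:01 [3502] rsync on backups/ from UNKNOWN (192.0.2.10)
2024/03/06 09:00:02 [3502] send UNKNOWN [192.0.2.10] backups () db/users.sql 52428800
"""

PREFIX = re.compile(r"^\S+ \S+ \[\d+\] (.*)$")  # "%t [%p] " then the message
TRANSFER = re.compile(r"^(send|recv) \S+ \[([^\]]+)\] (\S+) \([^)]*\) (.+) (\d+)$")
LISTING = re.compile(r"^module-list request from \S+ \(([^)]+)\)$")

def summarize(log_text, internal=frozenset()):
    """Per external client IP: did it list modules, and which files did the
    daemon send it ("send" = data leaving the server). IPs in `internal`
    (e.g. known backup hosts) are skipped."""
    clients = defaultdict(lambda: {"listed": False, "files": [], "bytes": 0})
    for line in log_text.splitlines():
        prefix = PREFIX.match(line)
        if not prefix:
            continue  # not a daemon log line
        msg = prefix.group(1)
        transfer = TRANSFER.match(msg)
        listing = LISTING.match(msg)
        if transfer:
            op, ip, module, path, size = transfer.groups()
            if op == "send" and ip not in internal:
                clients[ip]["files"].append((module, path, int(size)))
                clients[ip]["bytes"] += int(size)
        elif listing and listing.group(1) not in internal:
            clients[listing.group(1)]["listed"] = True
    return dict(clients)

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG, internal={"192.0.2.10"}).items():
        print(ip, "listed modules" if info["listed"] else "", info["bytes"], "bytes")
```

Without transfer logging, only the `connect from` and `rsync on` lines exist, which show that a module was opened but not which files left the server.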


Thanks for the micro-education!



