Anyone at anytime can possibly get your passwords just by plugging the computer into the internet without virus protection/firewall... They can even get past these protections because all of the new software has backdoors built in ever since the patriot act. even new supposedly "secure" routers have had their firmware inspected and traces of "backdoors" have been documented... And yes those people that may or may not work for the ISP's do know what the back doors are and they use them every day as part of their job...

Now if you could prove that it was your isp without any reasonable doubt, or "plausible deniability" like some hackers, or virus did it, or someone suggested to you a link for something that you "wanted" and so you go to the link and WHAMMO you are infected with a virus and keylogger.... If you could prove it was your ISP, you'd have a case that you could take straight to federal court... But it's too bad that the current administration fired all the federal judges that would have stood up for your constitutional rights to privacy in these matters... And not to mention the presidents fast tracking into law an indemnity clause for the big companies such as your ISP so that they are unable to be held responsible in court "this means they don't have to pay you damages" For circumventing the requirement of a warant by the federal courts for the "badguy" to "wiretap" your computer system.. etc.