I dont see how they could sniff the file remote over the internet. If the person was in a LAN or Wireless LAN then it would seem a lot more plausable. Backtrack is capable of doing this, but only on the LAN, not the open internet.
It is possible:
A. Someone who close to the person, either in the same room, or at least the same LAN, sniffed/stoled the password.
B. They were socialially engineered into infecting their computer with a trojan/bot that revealed their info. This could be over the LAN or over the internet.