In theory, this is possible. It holds with the same potential as Tor, which is that an exit node could potentially see traffic if a user is looking at unencrypted sites (eg. A site without HTTPS). The person running the exit node would have to have a sophisticated understanding and tools (such as Wireshark etc.) in order to do this, so it’s not a huge concern for network users.
In addition to this, all of the sensitive traffic uses HTTPS connections, which is encrypted from the client to the end server so it’s not possible to decrypt it on the provider level, so it’s useless for them.