Researcher: Thousands of shopping sites hacked, card data skimmed