Hackers may go holiday shopping online, too