The email is legit. Some people managed to exploit some vulnerability in the support center and get a list of usernames and passwords of all registered users on the support center.
A script was written to automatically comb through the passwords to check for Graal passwords. Accounts of anyone who was using their Graal password for their support center password were disabled as a security precaution. These accounts are automatically re-enabled when they
change their password.
You should definitely change your passwords if you used the same one for your email as for your support center account.