I just got this email seconds ago. Looks pretty legit. Just passing it along.
The security of your information is critically important to us, so we're really sorry to share that a portion of our North American account information was recently compromised.
What we know: user names, email addresses, salted password hashes, and some first and last names were accessed. This means that the password files are unreadable, but players with easily guessable passwords are vulnerable to account theft.
Additionally, we are investigating that approximately 120,000 transaction records from 2011 that contained hashed and salted credit card numbers have been accessed. We are taking appropriate action to notify and safeguard affected players. We will be contacting these players via the email addresses currently associated with their accounts to alert them. Our investigation is ongoing and we will take all necessary steps to protect players.
If you have any questions or concerns, please don't hesitate to consult the player support knowledge base or reach out to player support directly.
As a measure to make your accounts safer, within the next 24 hours we'll require players with accounts in North America to change their passwords to stronger ones that are much harder to guess. At such time, you'll be automatically prompted to change your password when you attempt to log in to the game.