I received this email from "google" which leads to an interface at googleapps.com. Is this legit? 

Important Security Notice Dear User We're writing to let you know that your email address was used to create a potentially malicious account that we have now blocked. We have disabled this account and prevented any ongoing activity. We are reaching out to you with additional details to enable any internal investigation you might want to do to protect your account further. What happened In the last few weeks, we identified a small-scale abuse campaign whereby bad actors circumvented the email verification step in our account creation flow for Email Verified (EV) Google Workspace accounts using a specially constructed request. These EV users could then be used to gain access to third-party applications using "Sign In with Google". Within 72 hours of discovery, Google fixed the issue. We have subsequently added additional detection to protect against such malicious activities. What to do While we have already disabled the account, we are reaching out to you with additional details to enable any internal investigation you might want to do to protect your account further. Specifically, there are some steps that you or a domain administrator in your organization might want to take to verify if any abuse occurred using your email on non-Google services (e.g. Dropbox, Slack) that may use Google as an Identity Provider. If your organization has an IT contact, please forward this email so that they can assess and investigate for any unauthorized activity, if needed. Below are additional details about the malicious actors and the services they might have accessed using your email: IP(s) that created malicious accounts: ["66.115.189.174","66.115.189.174","66.115.189.174","66.115.189.174","66.115.189.174","66.115.189.174","66.115.189.174","66.115.189.174","66.115.189.174"] Account Creation date: 2024-06-11 3P Services potentially accessed via malicious accounts (Date of first access): ["Android device (2024-06-11)","Dropbox (2024-06-11)","Google Chrome (2024-06-11)"] If your organization uses these 3rd party applications, we recommend that you review accounts within these apps for any unauthorized access and activity. Additionally, you may want to turn off the app's use of Google Sign-In for authentication to prevent unauthorized access in the future. (e.g. Dropbox Help Page) You can also take additional steps to further secure your domain. You have two options depending on your organization's usage of Google Workspace accounts: Administrators (with access to DNS configuration) who don't have any legitimate existing Google Workspace Accounts can release their domain from existing Google Workspace services by using the domain in use tool. Once completed, administrators can secure the use of their domain by immediately signing up for domain verified Google Cloud services, including Cloud Identity Free. Alternatively, administrators who also want to take over central administration of existing Google Workspace Accounts can claim their domain and complete both domain verification and takeover. This process may require a temporary conversion to Google Workspace Enterprise Essentials. After the domain verification and takeover is complete, administrators can either switch to a Cloud Identity Free subscription or keep their Enterprise Essentials subscription to maintain user access to Google Workspace tools. Sincerely, The Google Workspace Team