LoginNotify does not leave a trace in the CheckUser logs when there are unsuccessful attempts. Lacking integration with local CheckUser tables prevents this feature from being used by community processes to investigate this point of abuse.
Send login attempt information to local CheckUser tables using CU extension hooks from LoginNotify.
This will let checkusers to be able to keep tabs on and if necessary, block IPs or IP ranges from which such login attempts happen repeatedly. This will potentially be able to prevent account hacks even in cases where users have weak passwords.