Perhaps the failed attempts notification should be disabled altogether? I don’t see the purpose it serves in modern attack scenarios, while it irritates and worries users. Worrying is good, if it drives action, but in this case users can do nothing. They can just sit and watch a red light blinking. If they come to the forum, the only help they may receive is a reminder about basic security hygiene. Which certainly should be observed, but which doesn’t prevent the emails from piling up in their mailbox.
I believe the notifications should rather go to administration only, as nowadays they’re the only ones capable of using that information. And not even about single accounts,(1) but as cumulative, statistically meaningful data detecting deviation from measured normal.
It seems only some users are affected.(2) Those attacks may be credential stuffing, so one could imagine an email notification acts as an early warning sign about a leak elsewhere. But that assumes the user can pinpoint the leak source and that it comes from their actual account. Assumptions that are hardly reasonable in 2024.
(1) Mistyping may happen to anybody.
(2) I’m not, for example.
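
The admin-side aggregate check suggested in the post above could look like the following sketch, which is an added example and not part of the original post or any forum software. The event tuple format, the function names, the constructed sample data and the 3.5 cutoff on the modified z-score are all assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

def hourly_failures(events):
    """events: (hour, account, ok) tuples. Returns {hour: (failed attempts, distinct accounts hit)}."""
    count, accounts = defaultdict(int), defaultdict(set)
    for hour, account, ok in events:
        if not ok:
            count[hour] += 1
            accounts[hour].add(account)
    return {h: (count[h], len(accounts[h])) for h in count}

def modified_z(value, baseline):
    """Median/MAD based score: a few noisy baseline hours do not inflate the 'normal'."""
    med = median(baseline)
    mad = median(abs(x - med) for x in baseline) or 1.0  # avoid dividing by zero on a flat baseline
    return 0.6745 * (value - med) / mad

def flag_hours(events, baseline_hours, threshold=3.5):
    """Report hours outside the baseline whose site-wide failure volume deviates from it.

    Nothing here is per-account: one user mistyping a password never trips it.
    """
    profile = hourly_failures(events)
    base_fail = [profile.get(h, (0, 0))[0] for h in baseline_hours]
    base_acct = [profile.get(h, (0, 0))[1] for h in baseline_hours]
    alerts = []
    for hour, (fails, accts) in sorted(profile.items()):
        if hour in baseline_hours:
            continue
        if (modified_z(fails, base_fail) > threshold
                or modified_z(accts, base_acct) > threshold):
            alerts.append((hour, fails, accts))
    return alerts

def sample_events():
    """Constructed data: hours 0-6 carry typo-level noise, hour 7 hits 40 accounts once each."""
    events = []
    for hour, n in enumerate([3, 2, 4, 3, 2, 3, 3]):
        events += [(hour, f"user{hour}_{i}", False) for i in range(n)]
        events += [(hour, f"regular{i}", True) for i in range(20)]
    events += [(7, f"account{i}", False) for i in range(40)]
    return events

if __name__ == "__main__":
    for hour, fails, accts in flag_hours(sample_events(), set(range(6))):
        print(f"hour {hour}: {fails} failed logins across {accts} accounts")
```

In the constructed data each account in hour 7 sees a single failed attempt, so a per-account notification would tell its owner almost nothing, while the site-wide count stands far outside the baseline.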