Wouldn't an attacker who's gained enough access to a system to get db dumps or modify serverside code to the point where they can capture incoming passwords simply turn off the audit calls?
Wouldn't an attacker who's gained access to a secondary account through a password derived from a db dump change the audit URL?
Beside that, knowing an account is compromised is better than nothing but often not particularly useful - see all the horror stories by people who've had their gmail account compromised. They tend to find out very quickly the account has been taken over, recovery is still difficult and the loss of data/time/neurons is often significant.
A user isn't only vulnerable when the db gets hacked. People have other ways of getting at passwords (sometimes they guess). The idea is that if you see a lot of incorrect password attempts, you also know that something funny is up. Or, you could also see that a login attempt was issued from a computer in Nigeria (even with correct credentials). Imagine if you got a popup on your phone whenever you logged into your bank account. Wouldn't you feel a lot safer knowing that no one else has your information?
The scenario presented starts with a stolen db. Also it's about recording successful, rather than unsuccessful logins.
Gmail is a good counter-example - it does tell you of your last login but who keeps track of these? You log in from home, from work, from your iPhone, from your friend's wifi, etc.
And you needn't stop there. What if the auditing service is compromised? What if the convenience-inclined user is using the same password at myfancyaudit.com as they are at mydogfriends.com and at their bank? Maybe I'm missing something but it mostly seems like a way of shuffling trust around without significantly improving security.
It's not shuffling around security and neither is it adding any (at least in the crypto sense). Rather, it is a post-mortem way of knowing whether something is wrong. Assume that neither the auditing agency nor the original service is cracked. If your password gets phished and the attacker logs in as you, you will get a notification about it. Then, you can at least do something retroactively (even seconds later if you get a notification on your phone) to prevent further injury instead of finding out weeks later when all the damage is already done.
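The detection side of what the two comments above describe (a burst of failed attempts on one account, a notification on every successful login, and an extra flag when a successful login comes from a country the account has never used), as an added example that is not code from any commenter or from any real audit service. The event format, the thresholds and the sample events are all constructed for this example.

```python
"""Constructed login-audit monitor: emits an 'info' notice for every successful
login and an 'alert' for a failed-attempt burst or a first-time country."""
from collections import defaultdict
from datetime import datetime, timedelta

FAIL_THRESHOLD = 5                  # assumed policy: 5 failures in FAIL_WINDOW
FAIL_WINDOW = timedelta(minutes=10)  # assumed policy: sliding 10-minute window


def audit(events):
    """Return [(level, user, message), ...] for events of the form
    (timestamp, user, outcome, country) with outcome in {'ok', 'fail'}.
    Events are processed in timestamp order; the per-user set of known
    countries is built from the successful logins seen so far, so the very
    first login of a user sets the baseline and raises no country alert."""
    failures = defaultdict(list)        # user -> timestamps of recent failures
    known_countries = defaultdict(set)  # user -> countries seen on 'ok' logins
    notices = []
    for ts, user, outcome, country in sorted(events):
        if outcome == "fail":
            # keep only failures still inside the sliding window, then add this one
            failures[user] = [t for t in failures[user] if ts - t <= FAIL_WINDOW]
            failures[user].append(ts)
            if len(failures[user]) == FAIL_THRESHOLD:
                minutes = FAIL_WINDOW.seconds // 60
                notices.append(("alert", user,
                                f"{FAIL_THRESHOLD} failed logins within {minutes} minutes"))
            continue
        # successful login: the "popup on your phone" signal from the thread
        notices.append(("info", user, f"successful login from {country}"))
        if known_countries[user] and country not in known_countries[user]:
            notices.append(("alert", user, f"successful login from new country {country}"))
        known_countries[user].add(country)
    return notices


# constructed sample events (not real log data)
_T = datetime(2024, 1, 1, 9, 0)
SAMPLE_EVENTS = [
    (_T, "alice", "ok", "US"),
    (_T + timedelta(hours=3), "alice", "ok", "US"),
    (_T + timedelta(hours=3, minutes=5), "alice", "ok", "NG"),   # new country
    *[(_T + timedelta(hours=4, minutes=m), "bob", "fail", "DE") for m in range(5)],
    (_T + timedelta(hours=4, minutes=6), "bob", "ok", "DE"),     # first login, baseline
]

if __name__ == "__main__":
    for level, user, message in audit(SAMPLE_EVENTS):
        print(f"[{level}] {user}: {message}")
```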