Google has already confirmed that it is to start deleting, although purging might be a better term, certain personal Google accounts from December 1.
This purge will include pretty much all the content you can think of: Gmail messages, Google Photos libraries, Google Calendar appointments, and Google Docs archives are all impacted.
Here’s everything you need to know ahead of the December deadline.
Google Content Deletion Countdown Clock Is Ticking.
If news of this move to delete inactive Google accounts comes as a complete surprise to you, the fault cannot be laid at Google’s door.
Back in July, Google sent emails warning that these account deletions would start in December.
Those emails stated that any account that is considered to be inactive will receive “several reminder emails” before any action is taken.
Now you may think you’ve spotted a flaw in the logic here, as an email to an account that isn’t currently active won’t be read, but Google has that covered.
Notification emails will also be sent to any recovery email address on record. The first accounts to be targeted, in December, will be those that were created but never actually used again since.
Are Your Gmail and Photos at Risk?
With more than 1.8 billion Gmail users, rising to 2 billion as far as Google Photos users are concerned, will your account be among the unconfirmed number to be affected? The good news is that, statistically speaking, it’s unlikely.
That’s because this purge, undertaken for security reasons according to Google, only applies to inactive personal accounts. More specifically, users who have not signed into their Google accounts for at least two years.
If you’ve read or sent an email using Gmail, stored something in Google Drive, downloaded an app from the Google Play Store, added a photo to Google Photos, or even performed a Google search while logged into your Google account, your precious content is safe. Google business accounts are not affected.
Inactive accounts are a compromise waiting to happen.
Ruth Kricheli, a vice president of product management at Google, went on the record in May to explain the inactive account policy update.
“If an account hasn’t been used for an extended period of time, it is more likely to be compromised,” Kricheli said.
The reasoning is that accounts that remain unused for a long time will not have undergone regular security checks, will likely not have two-factor authentication activated, and could be using insecure passwords.
“Our internal analysis shows abandoned accounts are at least 10x less likely than active accounts to have 2-step verification set up,” Kricheli said.
Because, statistically speaking, these dormant accounts are more vulnerable than others, the risk of compromise is increased.
A compromised Google account is like winning the lottery as far as threat actors are concerned, providing access to email messages and documents that can be used to reset account passwords, steal identities, and act as a launchpad for malicious activity in general.