Google has threatened to spoil Christmas for many people this year after sending out emails to users warning them that inactive accounts would begin to be deleted on December 1, 2023.
This decision will affect accounts that have not been active or signed into within a two-year period, as reported by Chrome Unboxed. Users will also be notified if their accounts are up for the chop prior to deletion. Google’s email explicitly states that several emails will be sent to the account inbox, as well as recovery email accounts (if any are provided), before action is taken or any content is deleted.
The reminder emails will continue for a minimum of eight months before action is taken. It’s not clear if this means two years after eight months of notifications, or if the eight-month period is folded into the two years of inactivity. Once that time is up, the inactive Gmail account will be unable to be accessed or used to create a new Google account. If this sounds like it might affect you, here’s what you need to do.
What can you do to prevent deletion?
The easiest way to make sure your account is left untouched is to log in at least one time every two years. This will ensure that your account is considered active and should not (in theory) be flagged up for deletion. You can do other things while logged in to retain your account’s active status such as checking and sending emails, downloading apps from Google’s Play Store, carrying out a Google search, going on YouTube, performing actions in the linked Google Drive, authorizing a third-party app or service via your Google account, and more.
Google Accounts used to log into YouTube, accounts that have gift cards on them with money left to spend, and accounts that publish apps on the Google Play store won’t be deleted – for now, at least. Google may choose to take action if these are inactive also, including on said services, so it may be wise to keep an eye on those accounts if you have any as well.
Rationale for the new deletion campaign
So why is Google doing this? Back in May, Google changed its product policies with regard to inactive accounts, and according to Ruth Kricheli, Google's VP for Product Management, this is to make sure that accounts aren’t being compromised and misused. Longer periods of inactivity can be a sign that these accounts are being misused or that the original user may have lost access to it (perhaps by forgetting the password).
Older accounts are less likely to have two-factor authentication and fewer security measures set, and are therefore even more at risk of being hijacked. Accounts that are no longer used are at least 10 times less likely to have 2-step-verification according to Google’s internal analysis (as Bleeping Computer reports citing Kricheli).
Additionally, they likely use older or recycled passwords that may have already been leaked. If a dead account gets hijacked by a malicious user, a it can be used in a myriad of nefarious ways such as identity theft, spam emails, and phishing scams.
Google’s email regarding account deletions expands on the reasoning behind this decision:
"We want to protect your private information and prevent any unauthorized access to your account even if you're no longer using our services."
If you’re okay with an account of yours being deleted, but wish to retain whatever information is on it, you can download your data via the Google Takeout service. There’s also an Inactive Account Manager that gives you control over what happens after a set period of inactivity.
So, this news may initially cause alarm for many users, but I think it’s a solid step to help curb inappropriate use and potential misuse of user data. That said, I’m sure there are many users of Google, Google devices or Android phones that may have lost access to older accounts, don’t have backups, or may not use those accounts anymore that still hold valuable data or even precious memories.
If this sounds like you, make sure you log in, perform an action that lets Google know you’re a real person, set up alternative measures to access the account if you haven’t already (check out our guide on why two-factor authentication is important), and if you have the chance, maybe back up whatever data you want to save (for example, using the best back up software). Like now, right now, because December will be upon us before you know it.
