I like to keep an eye on the various Google support forums, including the Gmail subreddit. So, when I saw someone asking whether Google deletes inactive Gmail accounts, I was kind of surprised, given that it’s almost exactly a year ago that I started warning users of this very danger. You likely won’t have nine different Gmail accounts, each used for a different purpose, as the person asking for help, but here’s what you need to know if you have any Gmail accounts that have not been used in a while.
The New Google Policy On Gmail And Photo Account Deletions Explained
As regular readers of the cybersecurity section of Forbes.com will be aware, a Google policy change put the Gmail and Photos content of some users at risk In a change to the inactive account policy, Google announced that as from Dec. 01, 2024, certain accounts would be deleted and content such as Gmail messages, Google Photo libraries and Google Docs archives would be deleted with them.
Google actually started emailing holders of accounts likely to be affected first by the inactive accounts policy change some 18 months ago now, with those being accounts that were opened but never actually used since. More recent emails have since been sent that confirmed other Gmail and Photos accounts will be closed in due course.
The new inactive account policy from Google defines inactivity as being an account that has not been used for two years. Moreover, the policy now states, “Google reserves the right to delete an inactive Google Account and its activity and data if you are inactive across Google for at least two years.” It’s critical to point out that this only applies to personal Google accounts, so business and educational accounts are not affected. When it comes to the data our content within an account that can be deleted, Google says that this is “determined based on each product’s inactivity policies.”
These product policy definitions are categorized by Google as account activity if it meets any of the following requirements:
- Reading or sending an email
- Using Google Drive
- Watching a YouTube video
- Sharing a photo
- Downloading an app
- Using Google Search
- Using Sign in with Google to sign in to a third-party app or service
The Security Reasoning Behind The Gmail And Photo Content Purge
With some 2.5 billion active users, according to Google itself, it is no wonder that Gmail is a primary target for many cybercriminals looking to gain initial access to other networks and accounts. Now, you might think that a Google account that has remained inactive for two years is hardly likely to be a worthwhile target for a sophisticated phishing campaign, but that doesn’t make them a waste of time for an attacker to target. Ruth Kricheli, a vice president of product management at Google, said when announcing the new inactive account policy update, “If an account hasn’t been used for an extended period of time, it is more likely to be compromised.” This is very accurate as it also means the account is way less likely to have had any recent security checks by the owner, let alone be using two-factor authentication or a secure password. “Our internal analysis shows abandoned accounts are at least 10x less likely than active accounts to have 2-step verification set up,” Kricheli said. Yet that account still has value to an attacker as it can be used as a launchpad for further attacks, and that is without considering that the information stored within it could still be a treasure trove of hacker-friendly data.
Next Steps To Protect Gmail And Photo Content From Deletion
In addition to referring to the previously listed account activities, Google users looking to protect their accounts need to follow only one simple rule: log in at least once every couple of years. I’d recommend making that every three months and taking a Google account security checkup while signed in to ensure you are keeping on top of your account security configurations.
If you can’t recall the login credentials for your inactive Google account, then maybe it’s a timely reminder to use a password manager app. That won’t help you immediately, though, but all is not lost. Start the Google account recovery process which requires the entry of a telephone number or recovery email address. Most of the time entering a known telephone number or email address, regardless if you’ve forgotten the details off your account, will prove successful. Google will send a text message or email to those recovery contacts and provide the details of the accounts associated with them. Once you have this level of detail, try to sign into the account and follow the route for forgotten passwords to set off the password recovery verification process.
Just remember that Google account activity, be it Gmail or Google Photos that you are interested in, is determined by account rather than device. So be sure to take action now to prevent your accounts from being tagged as inactive and risk losing important, if overlooked, Gmail and Google Photos data.