Those Google accounts you haven’t logged into in years could be wiped this week. As of Friday, Google will delete inactive accounts that have been inactive for at least two years.
In May, the company announced a new security policy in order to prevent security risks: Using recycled passwords and not using modern security measures like two-step verification makes older accounts far more vulnerable to phishing, hacking, and spam, according to internal findings.
The company has been sending warnings to affected users since August, with multiple alerts sent to impacted accounts and backup emails provided by users. According to Google, the first accounts to be eliminated are those that were created and never revisited.
Google wrote in an August policy update: “We want to ensure your privacy and prevent unauthorized access to your account regardless of whether you’re still using our services.”
All content across an inactive user’s Google suite, including Gmail, Docs, Drive, and Photos, has the potential to be erased from their account.
The deletion plan excludes account holders with YouTube channels, those with remaining gift card balances, those who purchased a digital item such as a book or movie, and those who have published apps on platforms such as Google Play, the company said in August.
Unlike an earlier policy, the decision to remove accounts is more comprehensive. Google stated in 2020 that while consumers’ content would be removed from services they had ceased using, their accounts would remain intact.
Oren Koren, CPO and co-founder of cybersecurity company Veriti asserts that eliminating outdated accounts is essential to maintaining security because these accounts are often seen as low risk, which presents a potential opening for malevolent actors.
Hackers may be forced to register new accounts, which now need phone number verification if old accounts are deleted. Furthermore, the erasure removes older material that might have at some point been compromised in a data breach.