Starting Friday, Google is set to implement its plan to delete accounts inactive for at least two years. The company, which introduced this policy in May, aims to enhance security by reducing potential risks associated with older accounts. Google's internal findings indicate that inactive accounts are more prone to using recycled passwords and are less likely to employ updated security measures such as two-step verification. By removing these inactive accounts, Google aims to mitigate vulnerabilities related to issues like phishing, hacking, and spam.
Since August, Google has been informing impacted consumers through warnings, with several alerts sent to impacted accounts and backup emails provided by individuals.
According to Google, accounts that were created but never checked again by the user will be the first to be closed in a staged manner, the company announced in May.
“We want to protect your private information and prevent any unauthorized access to your account even if you’re no longer using our services,” Google wrote in an August policy update.
Google accounts include everything from Gmail to Docs to Drive to Photos, meaning all content sitting across an inactive user’s Google suite is at risk of erasure.
The deletion motion has a few exceptions: accounts used to buy digital products like books or movies, those with YouTube channels, those with gift card balances left, and those that have released apps that are available on stores like the Google Play store, the business stated in August.
Unlike an earlier policy, the decision to remove accounts is more comprehensive. Google stated in 2020 that while consumers' content will be removed from services they had ceased using, their accounts would remain intact.
Deleting old accounts is a key step to ensure security, according to Oren Koren, CPO and Co-founder of cybersecurity firm Veriti, who says that old accounts are frequently viewed as low risk and, thus, can be an opening for malicious actors. Deleting old accounts might force hackers to create new accounts –- an action that now requires phone number verification. Additionally, the erasure gets rid of older data that may have been leaked in a data breach at some point.
“By proactively removing these accounts, Google effectively shrinks the attack surface available to cybercriminals,” Koren wrote to CNN over email. “This action by Google exemplifies a broader trend in cybersecurity: taking preemptive steps to strengthen overall digital security landscapes.”
All you have to do to save your account is sign in to any Google service or your Google account at least once every two years. You can use this time to read an email, watch a video, or conduct a single search, among other things.