Google

In emails sent over the weekend, Google warned customers again that it would start deleting inactive accounts on December 1st, 2023.

The company will only enforce this rule for accounts that haven't been used or signed into within two years but will first notify the users their accounts are eligible for deletion.

"If your account is considered inactive, we will send several reminder emails to both you and your recovery emails (if any have been provided) before we take any action or delete any account content. These reminder emails will go out at least 8 months before any action is taken on your account," Google's email reads.

Once a Google Account is deleted, the associated Gmail address will become ineligible for use in creating a new Google Account.

The easiest way to keep a Google Account active is to log in at least once every two years. As long as you have accessed your Google Account within the past two years, it will be considered active and will not be subject to deletion.

Additional means to maintain your account's activity status include reading or sending an email, using Google Drive, downloading apps from the Play Store, using Google Search and watching YouTube while logged on, sharing photos, or using Sign in with Google with third-party services.

The rule also comes with certain exceptions, including Google Accounts with YouTube activity (channels, videos, or comments), holding a gift card with a monetary balance, that published apps on the Google Play store.

Google inactive accounts warning
Google inactive accounts warning (BleepingComputer)

Deleted to prevent misuse by threat actors

The company first warned customers that it changed its inactive account policies in May, when Ruth Kricheli, Google's VP for Product Management, said extended periods of inactivity might indicate that the accounts have been compromised.

"This is because forgotten or unattended accounts often rely on old or re-used passwords that may have been compromised, haven't had two factor authentication set up, and receive fewer security checks by the user," Kricheli said.

"Our internal analysis shows abandoned accounts are at least 10x less likely than active accounts to have 2-step-verification set up."

Once compromised, threat actors can use Google accounts for a wide range of malicious purposes, from identity theft to sending spam or phishing emails.

"We want to protect your private information and prevent any unauthorized access to your account even if you're no longer using our services," Google warned in the emails sent to Google users over the weekend.

However, Google also allows users to download their data using the Google Takeout service, and it provides a feature known as the Inactive Account Manager that helps plan what happens with the account over a specific period of inactivity.

Related Articles:

Google Chrome to let Isolated Web App access sensitive USB devices

Polyfill.io JavaScript supply chain attack impacts over 100K sites

Chrome for Android tests feature that securely verifies your ID with sites

CISA warns of Windows bug exploited in ransomware attacks

YouTube tests harder-to-block server-side ad injection in videos