On Monday, Google announced the implementation of a new cybercrime countermeasure, which is closing accounts that have been unused for at least two years.
Alphabet introduced the new policy in May, saying it was necessary to eliminate a significant security risk. An internal study conducted by the tech conglomerate showed that older accounts are more prone to unauthorized access.
Older Google accounts are more likely to have weak or recycled passwords that are easier to guess or crack. Moreover, these accounts seldom have the protection of newer security measures, such as the two-step verification.
Since August, the search giant has sent multiple warning emails to relevant accounts and their user-provided recovery emails.
Google will delete the first batch of inactive accounts on Friday. The accounts will be wiped entirely, not only Gmails. Hence, everything in the affected Google Suite will be removed, including every file in Docs, Drive, Photos, Meet, Calendar, etc.
First on the removal list are accounts that have been created but never used again. The two-year counter resets each time the user accesses their account, no matter how brief.
Accounts with YouTube channels that have at least one video will be exempted from mass deletion. In addition, the exception extends to accounts used to publish apps or buy a digital item like a book or movie.
Lastly, any remaining balance on gift cards will safeguard an account from being deleted.
Cybercrime Receives More Attention from Google
An increasing number of cybercriminals have started targeting abandoned Google accounts to acquire user information illegally.
The company stressed that the initiative proves its commitment to protecting private information, even for those no longer using its services.
Cybersecurity firm Verity lauded the move, saying it reduces the attack surface available to cybercriminals.
Some hackers have Google accounts that were created long ago. If their old accounts are removed, the hackers will have no choice but to make new ones. However, doing so would be more challenging since account creation now requires verification from an active phone number.
Erasing inactive accounts may also eliminate older data that hackers have fraudulently acquired and stored for later use.