Google has announced that the deletion of content in Gmail and Photos will commence on December 1.

Google has officially confirmed the initiation of account deletions, or more accurately, purges, for specific personal Google accounts starting from December 1. This comprehensive purge encompasses a wide range of content, including Gmail messages, Google Photos libraries, Google Calendar appointments, and Google Docs archives. Here’s a guide to everything you should be aware of leading up to the December deadline.

Is There a Risk to Your Gmail and Photos? With over 1.8 billion Gmail users and a growing number reaching 2 billion for Google Photos, the question looms: could your account be part of the unspecified number facing impact? The reassuring aspect is that, statistically speaking, the likelihood is low. Google’s security-driven purge targets only inactive personal accounts, specifically those that haven’t been accessed for at least two years. If you’ve engaged in activities such as sending or receiving emails through Gmail, storing files in Google Drive, downloading apps from the Google Play Store, uploading photos to Google Photos, or conducting Google searches while logged into your account, your valuable content remains secure. This initiative does not affect Google business accounts.

In May, Ruth Kricheli, a vice president of product management at Google, clarified the rationale behind the update to the inactive account policy. According to Kricheli, accounts left dormant for an extended period are more susceptible to compromise. The logic is that these unused accounts likely haven’t undergone routine security checks, may lack activated two-factor authentication, and might be using insecure passwords. Kricheli emphasized that internal analysis indicates abandoned accounts are at least 10 times less likely than active accounts to have two-step verification enabled. Due to this statistical vulnerability, the risk of compromise is heightened. A compromised Google account is highly desirable for threat actors, offering access to email messages and documents that can be exploited for password resets, identity theft, and serve as a launching point for various malicious activities.