Gmail big chunk of messages missing

Rigo

Rigo

Active Member
Reaction score
152
Location
Australia
Customer brought in a case I've never come across.
All of a sudden a big chunk of her messages just disappeared, from 28 June 2023 to 27 July 2017.
Older messages and newer ones are present except anything that was in period gap.
I've checked all the folders just in case, nowhere to be found.
She's totally confident she didn't delete them, not in trash either.
Even the content of subfolders she had created to categorise her messages are missing.
I noticed some Gmail messages about successful account recovery on the 29 June 2023. They reckon they had changed their account pwd because they couldn't remember it on that day though they had had access to the emails. They are adamant it was not because they couldn't log into the email but she cannot remember why they did it. Reasonably senior people 🙂
Didn't think anyone would need to take regular backups of their Gmail messages 🤔
 
Rigo said:
I've checked all the folders just in case, nowhere to be found.
Click to expand...
Even the All Mail folder* (easiest to do using Webmail)? That's where the undead remnants of deleted messages lurk, among other things. Basically, if it's not there then it's really gone.

* Yes I know Gmail doesn't really have folders, only labels. But for the present purposes they quack like folders. Just humour me.
 
Rigo said:
They reckon they had changed their account pwd because they couldn't remember it on that day though they had had access to the emails. They are adamant it was not because they couldn't log into the email but she cannot remember why they did it. Reasonably senior people 🙂
Click to expand...
Phished?
 
seashore said:
Phished
Click to expand...
I did try to make sense of why change the password thinking someone slammed the access shut and they had to recover the account.
They said no, they could still access their mail prior.
They had the impression that the Google account was something different with a different password they couldn't remember, so they changed it to get access.
Since they could still access their email I concluded it probably was not due to a hack?
 
Rigo said:
I thought folders was what everyone else called them except Google?
Click to expand...
No, they're conceptually different. In Gmail's world you can apply more than one label to a message, which kind-of makes it look as if it's in more than one folder. You can also apply no label to a message, which makes it appear to be nowhere at all - except in All Mail.

Most of the time this doesn't matter, except when huge swathes of messages mysteriously vanish because all of their labels have been removed. That's when you look in All Mail.
 
Computer Bloke said:
when you look in All Mail
Click to expand...
The missing chunk of messages is missing from there too.
The sub-labels names are still there but empty as well.
Any idea about how this could happen save from some hacking? I'll need to try to give them some explanation 🤔
 
Rigo said:
All of a sudden a big chunk of her messages just disappeared, from 28 June 2023 to 27 July 2017.
Click to expand...
Rigo said:
I noticed some Gmail messages about successful account recovery on the 29 June 2023.
Click to expand...
Just throwing it out there - is there a chance they recovered an old account instead of their current one? An account that hadn't been used since 2017?
 
seashore said:
old account instead of their current one
Click to expand...
Very interesting idea
New messages are coming in into this account since 28 June 2023.
If an old account and no one was sending anything through it, how would it be receiving messages if not the current one?
I'll attempt to clarify this tomorrow as it may be a valid supposition.
 
First thing I would do is login to check account activity which includes login dates and times with IP addresses. I recently had a situation where a customer said all of a sudden she couldn't get into her email, thought her gmail was hacked. I discovered an account recovery notice and then a password reset notice. Not the most observant customer so I wasn't able to get specific answers. But it looked like someone had used a networkable TV in her home to connect to her Google account. So I'm guessing that was how that happened.

Last account activity - Gmail Help

You can see your sign-in history, including the dates and times that your Gmail account was used. You can also see the IP addresses which were used to access your account.
support.google.com
 
Last edited:
Rigo said:
If an old account and no one was sending anything through it, how would it be receiving messages if not the current one?
Click to expand...
Well, there could be a machine set up to retrieve and delete messages from the old account using POP3. Once the password for that account had been changed that process would stop working, and any new messages sent to that account would start to become available to your client.

If you also assume that there's a rule set up to forward messages from the new account to the old one then you'd see pretty much the behaviour you've described.

It's theoretically possible. But it's not at all likely.
 
Rigo said:
The sub-labels names are still there but empty as well.
Any idea about how this could happen save from some hacking?
Click to expand...
I'd be tempted to apply Hanlon's Razor: "Never attribute to malice that which is adequately explained by stupidity."

It's much more likely that this was the result of overzealous housekeeping than that an attacker gained access to the account.
 
@Computer Bloke

I have found that 90% of what most end users will call about, convinced they've "been hacked," is the result of something they've done.

This specific example just screams that as being the most likely cause. What possible benefit would this particular deletion be to anyone, let alone an attacker?
 
Markverhyden said:
First thing I would do is login to check account activity which includes login dates and times with IP addresses. I recently had a situation where a customer said all of a sudden she couldn't get into her email, thought her gmail was hacked. I discovered an account recovery notice and then a password reset notice. Not the most observant customer so I wasn't able to get specific answers. But it looked like someone had used a networkable TV in her home to connect to her Google account. So I'm guessing that was how that happened.

Last account activity - Gmail Help

You can see your sign-in history, including the dates and times that your Gmail account was used. You can also see the IP addresses which were used to access your account.
support.google.com
Click to expand...
The 3 days historical log means I can't see anything about the period in question ~28 June 2023.
Thank you for the resource though.
 
Last edited:
Computer Bloke said:
there could be a machine set up to retrieve and delete messages
Click to expand...
They've only got 2 computers and 2 iPhones and haven't apparently changed anything except for the password.
She couldn't even understand what I was asking about 'browsers' when checking how she accessed her emails.
 
Rigo said:
She couldn't even understand what I was asking about 'browsers' when checking how she accessed her emails.
Click to expand...

I've given up on asking about whether webmail is in use by asking whether they get their email in a web browser. I ask if they're using an email client such as Outlook or Thunderbird, and if the answer is no, ask if they enter "gmail.google.com" or "mail.google.com" in the address bar to get to their Gmail. People seem to recognize the URLs they enter (or see all the time) but have no idea it's a web browser they're seeing them in.

This is something I really just don't understand in 2023, but it's a fact. The idea that there are massive numbers of users who have no idea what "a web browser" is just floors me, since virtually all of them use one on anything from a daily to a very frequently otherwise basis.
 
Computer Bloke said:
No, they're conceptually different. In Gmail's world you can apply more than one label to a message, which kind-of makes it look as if it's in more than one folder. You can also apply no label to a message, which makes it appear to be nowhere at all - except in All Mail.
Click to expand...

Just veering off topic a bit, but I have always assumed that Outlook worked the same way - one PST file with everything and just a database field specifying which folder to display the message in - the difference being that gmail is more clever in that you can have multiple labels for an email, but with Outlook you can only have one. Thunderbird, on the other hand, uses a different mbox file for each folder, right? So that's clearly a different storage method than either Outlook or Gmail.

I've never seen the actual structure of any of them, though: a PST, an MBOX or an Exchange EDB file either so this is all just conjecture...

On the actual OPs issue, given that you have to use a correctly-formatted search to be able to delete a date-based range of emails like that, I would think it unlikely that the user did it accidentally. I would be more inclined to believe a database corruption of some kind was at the root of the issue.
 
Mick said:
Genuine Conversation.

Client: My email has stopped happening.

Me: OK - let's see if we can narrow things down a bit. Can you get on the internet?

Client: They're not on the internet - they're on this computer in my bedroom.
Click to expand...
Reminds me of the one that's been floating around for years about trying to troubleshoot a computer that's not working.

Technician - can you see if the power cords are plugged in under the desk?

Customer - I can't see anything. The lights are out.
 
You must log in or register to reply here.

Similar threads

thecomputerguy
It's the clients, they just kill me.
Replies
16
Views
2K
frase
frase
thecomputerguy
New clients MFA is all out of whack and not sure how to fix it.
2 3 4
Replies
60
Views
4K
Rosco
Rosco
YeOldeStonecat
Client lost admin account to GMail business tenant for one of their domains
Replies
1
Views
1K
Sky-Knight
Sky-Knight
HCHTech
I hate IMAP
Replies
11
Views
2K
callthatgirl
callthatgirl
timeshifter
The nightmare of Outlook OST files
Replies
17
Views
3K
Diggs
Diggs
Back
Top