Skip to Content

What happens if a fraudster gets into your Rightmove Plus account

Categories: Maximising your Rightmove membership

What happens if there’s a data breach?

Understand  your obligations if a fraudster is allowed access to your Rightmove Plus account.

What happens if we identify that a fraudster has gained access to your Rightmove Plus account?

If we identify any suspected fraudulent activity on your Rightmove Plus account, we’ll take immediate steps to protect your data and access to Rightmove Plus.

We’ll immediately switch off Rightmove Plus access for the affected user(s) whilst we investigate. We do this to protect the personal data held within Rightmove Plus, as giving unauthorised access to this data is a breach of GDPR.

If your branch shares a log-in, this will mean your whole branch being made invisible on Rightmove until we’ve fully investigated the instance.  That’s why we require you to create a log-in for each individual user, so that only the compromised user would have their access revoked and not the entire branch.

After we’ve investigated the incident, we’ll make sure you reset your Rightmove Plus password. We’ll also ask you to confirm that you’d changed your password on your email account and any other websites where you used the same password. If you didn’t previously have individual log-ins set up, you’ll have to create them before we put your branch back online.

We reserve the right to suspend the account of any agent who gives their Rightmove Plus account details away multiple times, as outlined in our terms and conditions.

What responsibilities do you have under GDPR if someone gains access to your Rightmove Plus?

Your Rightmove Plus account hosts your leads, which contains personal data.  Under GDPR, you are the primary data controller of the personal consumer data that sits within your Rightmove Plus account, so it is your responsibility to take all steps to keep this data secure.

If a data breach occurs due to you giving away your log-in credentials, you may need to inform the ICO of any data breaches. You can read their guidance here: