I was going to title this 'This is not the Token you are looking for', but in the name of search ability I resisted.
If you find yourself in the situation where you've sent out an email to a large number of people using a hardcoded token for a specific individual. In this case your best course of action is to delete that token. Otherwise, everyone will be logging in as the lucky individual.
To do this you'll need to run a few SQL commands under 'Admin Tools > Power Tools > SQL Command'.
First, you'll need to find the offending token. To do this find the individual whose token was sent out. The easiest place to find this is in the URL of their person profile page. Next run the SQL below changing the person id in the where clause.
pt.[Id] AS [PersonTokenId]
FROM [PersonToken] pt
INNER JOIN [PersonAlias] pa ON pa.[Id] = pt.[PersonAliasId]
WHERE pa.[PersonId] = 2 -- Change this PersonID
ORDER BY pt.[Id] DESC
The tokens are in order with the newest at the top. Once you find the offending token not it's id (the first column). You can now run the statement below to delete it. Be sure to first change the id of the token and flow the 'Selection Query' switch to 'No',
DELETE FROM [PersonToken] WHERE [Id] = 999999