Hacker News

Login credentials or an authentication token? It's pretty standard to use an auth token in situations such as emails to protected content, considering that users' profiles are blocked to non-members. To allow you to do a follow through from an email link it is necessary to introduce a way to automatically log yourself in through a click. You'll see the same email behavior from most websites you have an account for and you've allowed to send you emails. The trust chain that this is generally considered OK is that the email has gone through a two way verification for that account you've signed up for, so a uniquely generated auth token emailed is akin to a forget password at that point.

The security failure was mostly on your part, but also on the site's for not conveying a notice that email links that automatically authenticate you are in emails.

Sharing any directly copied link information from an email to a set of anonymous users, especially as unreputable as you have stated, is unadvised.




Assuming they haven't updated it since I was there, it's an auth token that expires after a specific amount of time (I want to say 2 weeks but it's been a long time).
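An added example, not part of the thread and not the site's own code: a sketch of the kind of emailed auto-login token the comments describe, with an expiry and, as a hardening assumption of this example, single-use redemption so that a forwarded or pasted link stops working after its first click. The class name, the in-memory store and the 14-day lifetime (taken from the commenter's uncertain recollection) are assumptions.

```python
import hashlib
import secrets
import time

# Assumed lifetime; the thread recalls roughly two weeks.
TOKEN_TTL_SECONDS = 14 * 24 * 3600


class EmailLinkTokens:
    """Hypothetical in-memory store; a real site would use its database."""

    def __init__(self, ttl=TOKEN_TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock  # injectable so expiry can be tested
        self._by_digest = {}  # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table cannot be replayed as links.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id):
        """Return a fresh random token to embed in the emailed link."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        expires_at = self._clock() + self._ttl
        self._by_digest[self._digest(token)] = (user_id, expires_at)
        return token

    def redeem(self, token):
        """Return the user_id for a valid token, else None."""
        # pop() makes the token single use: a second click or a shared
        # copy of the link finds nothing to redeem.
        record = self._by_digest.pop(self._digest(token), None)
        if record is None:
            return None
        user_id, expires_at = record
        if self._clock() >= expires_at:
            return None  # expired tokens are discarded, not honoured
        return user_id
```

A token that is neither single use nor short lived behaves like a password embedded in the URL for its whole lifetime, which is why sharing a copied link hands over the session.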



