Information disclosure of user by email using buy widget

In the Coinbase Buy Widget flow, we were displaying the last 4 digits of a user's phone number for verification purposes (e.g. "we've send a code to xxx-1234"). Industry standard seems to be 2 digits instead of 4, so we now mask all but the last 2 digits.