One of the common way of implementing 2FA is using phone number Text message or Call with OTP. As I can see, usually web services show something like "OTP was sent to the number +*********34". Is is done because revealing the number is considered a vulnerability? If yes, then which one, is it described anywhere? I guess it has something to do with not wanting to show too much info about the user. This info might be used be social engineering, but maybe there is something else?
Having a link to a trusted location with the description would be great as well.