This information is public from 2010, since the Sony PlayStation fiasco where they used R=4 to sign *all* the games in their online store.
It was known right from the beginning, when ElGamal published his signature scheme, on which Schnorr signatures are based, on which classical DSA is based, on which ECDSA is based.
From his
1985 paper:
Note 2: If any k is used twice in the signing, then the system of equations is uniquely determined and x can be recovered. So for the system to be secure, any value of k should never be used twice.