This information is public from 2010, since the Sony PlayStation fiasco where they used R=4 to sign *all* the games in their online store.
It was known right from the beginning, when ElGamal published his signature scheme, on which Schnorr signatures are based, on which classical DSA is based, on which ECDSA is based.
From his
1985 paper:
Note 2: If any k is used twice in the signing, then the system of equations is uniquely determined and x can be recovered. So for the system to be secure, any value of k should never be used twice.
And should have been obvious to anyone who has implemented the cryptosystem too, if k didn't have to be secret/unique you could just make it a parameter of the system and eliminate r and halve the size of the signatures.
I bet there would have been fewer of these errors over the years if k had a more informative name from the beginning. Maybe something like "ephemeral private key" to automatically make people notice that generating k randomly is as important as generating private keys randomly.