Well, if you're brute forcing user passwords - you've probably done a cursory crawl of all or some users first.

A good bet to find people with private repositories, would be to aim for all or a subset of those who belong to an Github "organisation".

Likelihood of valuable user greatly increased.